Avoid using the deprecated NetworkInfo API.

Merge plugin-toggles feature branch

See merge request briar/briar!1255

.gitlab-ci.yml

@@ -17,7 +17,7 @@ test:
 
   script:
     - ./gradlew --no-daemon -Djava.security.egd=file:/dev/urandom animalSnifferMain animalSnifferTest
-    - ./gradlew --no-daemon -Djava.security.egd=file:/dev/urandom test
+    - ./gradlew --no-daemon -Djava.security.egd=file:/dev/urandom check compileOfficialDebugAndroidTestSources compileScreenshotDebugAndroidTestSources
 
   after_script:
     # these file change every time but should not be cached

.idea/codeStyles/Project.xml

@@ -1,5 +1,8 @@
 <component name="ProjectCodeStyleConfiguration">
   <code_scheme name="Project" version="173">
+    <AndroidXmlCodeStyleSettings>
+      <option name="ARRANGEMENT_SETTINGS_MIGRATED_TO_191" value="true" />
+    </AndroidXmlCodeStyleSettings>
     <JavaCodeStyleSettings>
       <option name="ANNOTATION_PARAMETER_WRAP" value="1" />
       <option name="IMPORT_LAYOUT_TABLE">

bramble-android/build.gradle

@@ -5,23 +5,31 @@ apply plugin: 'witness'
 apply from: 'witness.gradle'
 
 android {
-	compileSdkVersion 28
+	compileSdkVersion 29
-	buildToolsVersion '28.0.3'
+	buildToolsVersion '29.0.2'
 
 	defaultConfig {
 		minSdkVersion 16
 		targetSdkVersion 28
-		versionCode 10204
+		versionCode 10207
-		versionName "1.2.4"
+		versionName "1.2.7"
 		consumerProguardFiles 'proguard-rules.txt'
 
-		testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner"
+		testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
 	}
 
 	compileOptions {
 		sourceCompatibility JavaVersion.VERSION_1_8
 		targetCompatibility JavaVersion.VERSION_1_8
 	}
+
+	lintOptions {
+		// FIXME
+		warning "LintError"
+		warning "InvalidPackage"
+		warning "MissingPermission"
+		warning "InlinedApi", "ObsoleteSdkInt", "Override", "NewApi", "UnusedAttribute"
+	}
 }
 
 configurations {
@@ -30,10 +38,10 @@ configurations {
 
 dependencies {
 	implementation project(path: ':bramble-core', configuration: 'default')
-	tor 'org.briarproject:tor-android:0.3.5.8-64@zip'
+	tor 'org.briarproject:tor-android:0.3.5.10@zip'
 	tor 'org.briarproject:obfs4proxy-android:0.0.11-2@zip'
 
-	annotationProcessor 'com.google.dagger:dagger-compiler:2.22.1'
+	annotationProcessor 'com.google.dagger:dagger-compiler:2.24'
 
 	compileOnly 'javax.annotation:jsr250-api:1.0'
 

bramble-android/src/main/java/org/briarproject/bramble/BrambleAndroidEagerSingletons.java

@@ -11,4 +11,14 @@ public interface BrambleAndroidEagerSingletons {
 	void inject(AndroidNetworkModule.EagerSingletons init);
 
 	void inject(ReportingModule.EagerSingletons init);
+
+	class Helper {
+
+		public static void injectEagerSingletons(
+				BrambleAndroidEagerSingletons c) {
+			c.inject(new AndroidBatteryModule.EagerSingletons());
+			c.inject(new AndroidNetworkModule.EagerSingletons());
+			c.inject(new ReportingModule.EagerSingletons());
+		}
+	}
 }

bramble-android/src/main/java/org/briarproject/bramble/BrambleAndroidModule.java

@@ -18,10 +18,4 @@ import dagger.Module;
 		SocksModule.class
 })
 public class BrambleAndroidModule {
-
-	public static void initEagerSingletons(BrambleAndroidEagerSingletons c) {
-		c.inject(new AndroidBatteryModule.EagerSingletons());
-		c.inject(new AndroidNetworkModule.EagerSingletons());
-		c.inject(new ReportingModule.EagerSingletons());
-	}
 }

bramble-android/src/main/java/org/briarproject/bramble/account/AndroidAccountManager.java

@@ -12,13 +12,16 @@ import org.briarproject.bramble.api.identity.IdentityManager;
 
 import java.io.File;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Set;
 import java.util.logging.Logger;
 
 import javax.annotation.Nullable;
+import javax.annotation.concurrent.GuardedBy;
 import javax.inject.Inject;
 
 import static android.os.Build.VERSION.SDK_INT;
+import static java.util.Arrays.asList;
 import static java.util.logging.Level.INFO;
 import static org.briarproject.bramble.util.IoUtils.deleteFileOrDir;
 import static org.briarproject.bramble.util.LogUtils.logFileOrDir;
@@ -29,7 +32,11 @@ class AndroidAccountManager extends AccountManagerImpl
 	private static final Logger LOG =
 			Logger.getLogger(AndroidAccountManager.class.getName());
 
-	private static final String PREF_DB_KEY = "key";
+	/**
+	 * Directories that shouldn't be deleted when deleting the user's account.
+	 */
+	private static final List<String> PROTECTED_DIR_NAMES =
+			asList("cache", "code_cache", "lib", "shared_prefs");
 
 	protected final Context appContext;
 	private final SharedPreferences prefs;
@@ -53,36 +60,6 @@ class AndroidAccountManager extends AccountManagerImpl
 		return exists;
 	}
 
-	// Locking: stateChangeLock
-	@Override
-	@Nullable
-	protected String loadEncryptedDatabaseKey() {
-		String key = getDatabaseKeyFromPreferences();
-		if (key == null) key = super.loadEncryptedDatabaseKey();
-		else migrateDatabaseKeyToFile(key);
-		return key;
-	}
-
-	// Locking: stateChangeLock
-	@Nullable
-	private String getDatabaseKeyFromPreferences() {
-		String key = prefs.getString(PREF_DB_KEY, null);
-		if (key == null) LOG.info("No database key in preferences");
-		else LOG.info("Found database key in preferences");
-		return key;
-	}
-
-	// Locking: stateChangeLock
-	private void migrateDatabaseKeyToFile(String key) {
-		if (storeEncryptedDatabaseKey(key)) {
-			if (prefs.edit().remove(PREF_DB_KEY).commit())
-				LOG.info("Database key migrated to file");
-			else LOG.warning("Database key not removed from preferences");
-		} else {
-			LOG.warning("Database key not migrated to file");
-		}
-	}
-
 	@Override
 	public void deleteAccount() {
 		synchronized (stateChangeLock) {
@@ -105,14 +82,14 @@ class AndroidAccountManager extends AccountManagerImpl
 		return PreferenceManager.getDefaultSharedPreferences(appContext);
 	}
 
-	// Locking: stateChangeLock
+	@GuardedBy("stateChangeLock")
 	private void deleteAppData(SharedPreferences... clear) {
 		// Clear and commit shared preferences
 		for (SharedPreferences prefs : clear) {
 			if (!prefs.edit().clear().commit())
 				LOG.warning("Could not clear shared preferences");
 		}
-		// Delete files, except lib and shared_prefs directories
+		// Delete files, except protected directories
 		Set<File> files = new HashSet<>();
 		File dataDir = getDataDir();
 		@Nullable
@@ -121,14 +98,12 @@ class AndroidAccountManager extends AccountManagerImpl
 			LOG.warning("Could not list files in app data dir");
 		} else {
 			for (File file : fileArray) {
-				String name = file.getName();
+				if (!PROTECTED_DIR_NAMES.contains(file.getName())) {
-				if (!name.equals("lib") && !name.equals("shared_prefs")) {
 					files.add(file);
 				}
 			}
 		}
 		files.add(appContext.getFilesDir());
-		files.add(appContext.getCacheDir());
 		addIfNotNull(files, appContext.getExternalCacheDir());
 		if (SDK_INT >= 19) {
 			for (File file : appContext.getExternalCacheDirs()) {
@@ -140,12 +115,16 @@ class AndroidAccountManager extends AccountManagerImpl
 				addIfNotNull(files, file);
 			}
 		}
+		// Clear the cache directory but don't delete it
+		File cacheDir = appContext.getCacheDir();
+		File[] children = cacheDir.listFiles();
+		if (children != null) files.addAll(asList(children));
 		for (File file : files) {
+			if (LOG.isLoggable(INFO)) {
+				LOG.info("Deleting " + file.getAbsolutePath());
+			}
 			deleteFileOrDir(file);
 		}
-		// Recreate the cache dir as some OpenGL drivers expect it to exist
-		if (!new File(dataDir, "cache").mkdirs())
-			LOG.warning("Could not recreate cache dir");
 	}
 
 	private File getDataDir() {

bramble-android/src/main/java/org/briarproject/bramble/network/AndroidNetworkManager.java

@@ -6,6 +6,8 @@ import android.content.Context;
 import android.content.Intent;
 import android.content.IntentFilter;
 import android.net.ConnectivityManager;
+import android.net.Network;
+import android.net.NetworkCapabilities;
 import android.net.NetworkInfo;
 
 import org.briarproject.bramble.api.event.EventBus;
@@ -32,11 +34,15 @@ import static android.content.Intent.ACTION_SCREEN_OFF;
 import static android.content.Intent.ACTION_SCREEN_ON;
 import static android.net.ConnectivityManager.CONNECTIVITY_ACTION;
 import static android.net.ConnectivityManager.TYPE_WIFI;
+import static android.net.NetworkCapabilities.NET_CAPABILITY_INTERNET;
+import static android.net.NetworkCapabilities.TRANSPORT_WIFI;
+import static android.net.wifi.p2p.WifiP2pManager.WIFI_P2P_THIS_DEVICE_CHANGED_ACTION;
 import static android.os.Build.VERSION.SDK_INT;
 import static android.os.PowerManager.ACTION_DEVICE_IDLE_MODE_CHANGED;
 import static java.util.concurrent.TimeUnit.MINUTES;
 import static java.util.concurrent.TimeUnit.SECONDS;
 import static java.util.logging.Level.INFO;
+import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;
 
 @MethodsNotNullByDefault
 @ParametersNotNullByDefault
@@ -51,7 +57,8 @@ class AndroidNetworkManager implements NetworkManager, Service {
 
 	private final ScheduledExecutorService scheduler;
 	private final EventBus eventBus;
-	private final Context appContext;
+	private final Application app;
+	private final ConnectivityManager connectivityManager;
 	private final AtomicReference<Future<?>> connectivityCheck =
 			new AtomicReference<>();
 	private final AtomicBoolean used = new AtomicBoolean(false);
@@ -63,7 +70,9 @@ class AndroidNetworkManager implements NetworkManager, Service {
 			EventBus eventBus, Application app) {
 		this.scheduler = scheduler;
 		this.eventBus = eventBus;
-		this.appContext = app.getApplicationContext();
+		this.app = app;
+		connectivityManager = (ConnectivityManager)
+				requireNonNull(app.getSystemService(CONNECTIVITY_SERVICE));
 	}
 
 	@Override
@@ -76,26 +85,35 @@ class AndroidNetworkManager implements NetworkManager, Service {
 		filter.addAction(ACTION_SCREEN_ON);
 		filter.addAction(ACTION_SCREEN_OFF);
 		filter.addAction(WIFI_AP_STATE_CHANGED_ACTION);
+		filter.addAction(WIFI_P2P_THIS_DEVICE_CHANGED_ACTION);
 		if (SDK_INT >= 23) filter.addAction(ACTION_DEVICE_IDLE_MODE_CHANGED);
-		appContext.registerReceiver(networkStateReceiver, filter);
+		app.registerReceiver(networkStateReceiver, filter);
-
 	}
 
 	@Override
 	public void stopService() {
-		if (networkStateReceiver != null)
+		if (networkStateReceiver != null) {
-			appContext.unregisterReceiver(networkStateReceiver);
+			app.unregisterReceiver(networkStateReceiver);
+		}
 	}
 
 	@Override
 	public NetworkStatus getNetworkStatus() {
-		ConnectivityManager cm = (ConnectivityManager)
+		if (SDK_INT >= 23) {
-				appContext.getSystemService(CONNECTIVITY_SERVICE);
+			Network net = connectivityManager.getActiveNetwork();
-		if (cm == null) throw new AssertionError();
+			if (net == null) return new NetworkStatus(false, false);
-		NetworkInfo net = cm.getActiveNetworkInfo();
+			NetworkCapabilities caps =
-		boolean connected = net != null && net.isConnected();
+					connectivityManager.getNetworkCapabilities(net);
-		boolean wifi = connected && net.getType() == TYPE_WIFI;
+			if (caps == null) return new NetworkStatus(false, false);
-		return new NetworkStatus(connected, wifi);
+			boolean connected = caps.hasCapability(NET_CAPABILITY_INTERNET);
+			boolean wifi = caps.hasTransport(TRANSPORT_WIFI);
+			return new NetworkStatus(connected, wifi);
+		} else {
+			NetworkInfo net = connectivityManager.getActiveNetworkInfo();
+			boolean connected = net != null && net.isConnected();
+			boolean wifi = connected && net.getType() == TYPE_WIFI;
+			return new NetworkStatus(connected, wifi);
+		}
 	}
 
 	private void updateConnectionStatus() {
@@ -136,7 +154,8 @@ class AndroidNetworkManager implements NetworkManager, Service {
 		}
 
 		private boolean isApEvent(@Nullable String action) {
-			return WIFI_AP_STATE_CHANGED_ACTION.equals(action);
+			return WIFI_AP_STATE_CHANGED_ACTION.equals(action) ||
+					WIFI_P2P_THIS_DEVICE_CHANGED_ACTION.equals(action);
 		}
 	}
 }

bramble-android/src/main/java/org/briarproject/bramble/plugin/bluetooth/AndroidBluetoothPlugin.java

@@ -9,6 +9,7 @@ import android.content.Context;
 import android.content.Intent;
 import android.content.IntentFilter;
 
+import org.briarproject.bramble.api.io.TimeoutMonitor;
 import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
 import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
@@ -24,13 +25,13 @@ import java.io.IOException;
 import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.Collections;
 import java.util.List;
 import java.util.UUID;
 import java.util.concurrent.BlockingQueue;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Executor;
 import java.util.concurrent.LinkedBlockingQueue;
+import java.util.concurrent.ScheduledExecutorService;
 import java.util.logging.Logger;
 
 import javax.annotation.Nullable;
@@ -47,7 +48,10 @@ import static android.bluetooth.BluetoothAdapter.SCAN_MODE_NONE;
 import static android.bluetooth.BluetoothAdapter.STATE_OFF;
 import static android.bluetooth.BluetoothAdapter.STATE_ON;
 import static android.bluetooth.BluetoothDevice.ACTION_FOUND;
+import static android.bluetooth.BluetoothDevice.DEVICE_TYPE_LE;
 import static android.bluetooth.BluetoothDevice.EXTRA_DEVICE;
+import static android.os.Build.VERSION.SDK_INT;
+import static java.util.Collections.shuffle;
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
@@ -63,6 +67,7 @@ class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 
 	private static final int MAX_DISCOVERY_MS = 10_000;
 
+	private final ScheduledExecutorService scheduler;
 	private final AndroidExecutor androidExecutor;
 	private final Context appContext;
 	private final Clock clock;
@@ -74,11 +79,14 @@ class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 	private volatile BluetoothAdapter adapter = null;
 
 	AndroidBluetoothPlugin(BluetoothConnectionLimiter connectionLimiter,
-			Executor ioExecutor, AndroidExecutor androidExecutor,
+			TimeoutMonitor timeoutMonitor, Executor ioExecutor,
-			Context appContext, SecureRandom secureRandom, Clock clock,
+			SecureRandom secureRandom, ScheduledExecutorService scheduler,
-			Backoff backoff, PluginCallback callback, int maxLatency) {
+			AndroidExecutor androidExecutor, Context appContext, Clock clock,
-		super(connectionLimiter, ioExecutor, secureRandom, backoff, callback,
+			Backoff backoff, PluginCallback callback, int maxLatency,
-				maxLatency);
+			int maxIdleTime) {
+		super(connectionLimiter, timeoutMonitor, ioExecutor, secureRandom,
+				backoff, callback, maxLatency, maxIdleTime);
+		this.scheduler = scheduler;
 		this.androidExecutor = androidExecutor;
 		this.appContext = appContext;
 		this.clock = clock;
@@ -146,6 +154,12 @@ class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 		wasEnabledByUs = true;
 	}
 
+	@Override
+	void onAdapterDisabled() {
+		super.onAdapterDisabled();
+		wasEnabledByUs = false;
+	}
+
 	@Override
 	@Nullable
 	String getBluetoothAddress() {
@@ -170,9 +184,10 @@ class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 		return wrapSocket(ss.accept());
 	}
 
-	private DuplexTransportConnection wrapSocket(BluetoothSocket s) {
+	private DuplexTransportConnection wrapSocket(BluetoothSocket s)
-		return new AndroidBluetoothTransportConnection(this,
+			throws IOException {
-				connectionLimiter, s);
+		return new AndroidBluetoothTransportConnection(this, connectionLimiter,
+				timeoutMonitor, appContext, scheduler, s);
 	}
 
 	@Override
@@ -240,11 +255,15 @@ class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 						break;
 					} else if (ACTION_FOUND.equals(action)) {
 						BluetoothDevice d = i.getParcelableExtra(EXTRA_DEVICE);
-						String address = d.getAddress();
+						// Ignore Bluetooth LE devices
-						if (LOG.isLoggable(INFO))
+						if (SDK_INT < 18 || d.getType() != DEVICE_TYPE_LE) {
-							LOG.info("Discovered " + scrubMacAddress(address));
+							String address = d.getAddress();
-						if (!addresses.contains(address))
+							if (LOG.isLoggable(INFO))
-							addresses.add(address);
+								LOG.info("Discovered " +
+										scrubMacAddress(address));
+							if (!addresses.contains(address))
+								addresses.add(address);
+						}
 					}
 					now = clock.currentTimeMillis();
 				}
@@ -260,7 +279,7 @@ class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 			appContext.unregisterReceiver(receiver);
 		}
 		// Shuffle the addresses so we don't always try the same one first
-		Collections.shuffle(addresses);
+		shuffle(addresses);
 		return addresses;
 	}
 

bramble-android/src/main/java/org/briarproject/bramble/plugin/bluetooth/AndroidBluetoothPluginFactory.java

@@ -3,6 +3,7 @@ package org.briarproject.bramble.plugin.bluetooth;
 import android.content.Context;
 
 import org.briarproject.bramble.api.event.EventBus;
+import org.briarproject.bramble.api.io.TimeoutMonitor;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.BackoffFactory;
@@ -15,6 +16,7 @@ import org.briarproject.bramble.api.system.Clock;
 
 import java.security.SecureRandom;
 import java.util.concurrent.Executor;
+import java.util.concurrent.ScheduledExecutorService;
 
 import javax.annotation.concurrent.Immutable;
 
@@ -25,28 +27,34 @@ import static org.briarproject.bramble.api.plugin.BluetoothConstants.ID;
 public class AndroidBluetoothPluginFactory implements DuplexPluginFactory {
 
 	private static final int MAX_LATENCY = 30 * 1000; // 30 seconds
+	private static final int MAX_IDLE_TIME = 30 * 1000; // 30 seconds
 	private static final int MIN_POLLING_INTERVAL = 60 * 1000; // 1 minute
 	private static final int MAX_POLLING_INTERVAL = 10 * 60 * 1000; // 10 mins
 	private static final double BACKOFF_BASE = 1.2;
 
 	private final Executor ioExecutor;
+	private final ScheduledExecutorService scheduler;
 	private final AndroidExecutor androidExecutor;
 	private final Context appContext;
 	private final SecureRandom secureRandom;
 	private final EventBus eventBus;
 	private final Clock clock;
+	private final TimeoutMonitor timeoutMonitor;
 	private final BackoffFactory backoffFactory;
 
 	public AndroidBluetoothPluginFactory(Executor ioExecutor,
+			ScheduledExecutorService scheduler,
 			AndroidExecutor androidExecutor, Context appContext,
 			SecureRandom secureRandom, EventBus eventBus, Clock clock,
-			BackoffFactory backoffFactory) {
+			TimeoutMonitor timeoutMonitor, BackoffFactory backoffFactory) {
 		this.ioExecutor = ioExecutor;
+		this.scheduler = scheduler;
 		this.androidExecutor = androidExecutor;
 		this.appContext = appContext;
 		this.secureRandom = secureRandom;
 		this.eventBus = eventBus;
 		this.clock = clock;
+		this.timeoutMonitor = timeoutMonitor;
 		this.backoffFactory = backoffFactory;
 	}
 
@@ -63,12 +71,13 @@ public class AndroidBluetoothPluginFactory implements DuplexPluginFactory {
 	@Override
 	public DuplexPlugin createPlugin(PluginCallback callback) {
 		BluetoothConnectionLimiter connectionLimiter =
-				new BluetoothConnectionLimiterImpl();
+				new BluetoothConnectionLimiterImpl(eventBus);
 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,
 				MAX_POLLING_INTERVAL, BACKOFF_BASE);
 		AndroidBluetoothPlugin plugin = new AndroidBluetoothPlugin(
-				connectionLimiter, ioExecutor, androidExecutor, appContext,
+				connectionLimiter, timeoutMonitor, ioExecutor, secureRandom,
-				secureRandom, clock, backoff, callback, MAX_LATENCY);
+				scheduler, androidExecutor, appContext, clock, backoff,
+				callback, MAX_LATENCY, MAX_IDLE_TIME);
 		eventBus.addListener(plugin);
 		return plugin;
 	}

bramble-android/src/main/java/org/briarproject/bramble/plugin/bluetooth/AndroidBluetoothTransportConnection.java

@@ -1,33 +1,60 @@
 package org.briarproject.bramble.plugin.bluetooth;
 
 import android.bluetooth.BluetoothSocket;
+import android.content.Context;
+import android.os.PowerManager;
 
+import org.briarproject.bramble.api.io.TimeoutMonitor;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Plugin;
 import org.briarproject.bramble.api.plugin.duplex.AbstractDuplexTransportConnection;
+import org.briarproject.bramble.util.RenewableWakeLock;
 
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.util.concurrent.ScheduledExecutorService;
+
+import static android.content.Context.POWER_SERVICE;
+import static android.os.PowerManager.PARTIAL_WAKE_LOCK;
+import static java.util.concurrent.TimeUnit.MINUTES;
+import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;
+import static org.briarproject.bramble.api.plugin.BluetoothConstants.PROP_ADDRESS;
+import static org.briarproject.bramble.util.AndroidUtils.getWakeLockTag;
+import static org.briarproject.bramble.util.AndroidUtils.isValidBluetoothAddress;
 
 @NotNullByDefault
 class AndroidBluetoothTransportConnection
 		extends AbstractDuplexTransportConnection {
 
-	private final BluetoothConnectionLimiter connectionManager;
+	private final BluetoothConnectionLimiter connectionLimiter;
+	private final RenewableWakeLock wakeLock;
 	private final BluetoothSocket socket;
+	private final InputStream in;
 
 	AndroidBluetoothTransportConnection(Plugin plugin,
-			BluetoothConnectionLimiter connectionManager,
+			BluetoothConnectionLimiter connectionLimiter,
-			BluetoothSocket socket) {
+			TimeoutMonitor timeoutMonitor, Context appContext,
+			ScheduledExecutorService scheduler, BluetoothSocket socket)
+			throws IOException {
 		super(plugin);
-		this.connectionManager = connectionManager;
+		this.connectionLimiter = connectionLimiter;
 		this.socket = socket;
+		in = timeoutMonitor.createTimeoutInputStream(
+				socket.getInputStream(), plugin.getMaxIdleTime() * 2);
+		PowerManager powerManager = (PowerManager)
+				requireNonNull(appContext.getSystemService(POWER_SERVICE));
+		String tag = getWakeLockTag(appContext);
+		wakeLock = new RenewableWakeLock(powerManager, scheduler,
+				PARTIAL_WAKE_LOCK, tag, 1, MINUTES);
+		wakeLock.acquire();
+		String address = socket.getRemoteDevice().getAddress();
+		if (isValidBluetoothAddress(address)) remote.put(PROP_ADDRESS, address);
 	}
 
 	@Override
-	protected InputStream getInputStream() throws IOException {
+	protected InputStream getInputStream() {
-		return socket.getInputStream();
+		return in;
 	}
 
 	@Override
@@ -40,7 +67,8 @@ class AndroidBluetoothTransportConnection
 		try {
 			socket.close();
 		} finally {
-			connectionManager.connectionClosed(this);
+			wakeLock.release();
+			connectionLimiter.connectionClosed(this);
 		}
 	}
 }

bramble-android/src/main/java/org/briarproject/bramble/plugin/tcp/AndroidLanTcpPlugin.java

@@ -1,25 +1,32 @@
 package org.briarproject.bramble.plugin.tcp;
 
+import android.annotation.TargetApi;
 import android.content.Context;
 import android.net.ConnectivityManager;
+import android.net.LinkAddress;
+import android.net.LinkProperties;
 import android.net.Network;
-import android.net.NetworkInfo;
+import android.net.NetworkCapabilities;
 import android.net.wifi.WifiInfo;
 import android.net.wifi.WifiManager;
 
 import org.briarproject.bramble.PoliteExecutor;
+import org.briarproject.bramble.api.Pair;
 import org.briarproject.bramble.api.event.Event;
-import org.briarproject.bramble.api.event.EventListener;
 import org.briarproject.bramble.api.network.event.NetworkStatusEvent;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.PluginCallback;
+import org.briarproject.bramble.api.settings.Settings;
 
 import java.io.IOException;
 import java.net.InetAddress;
+import java.net.InterfaceAddress;
+import java.net.NetworkInterface;
 import java.net.Socket;
+import java.net.SocketException;
 import java.net.UnknownHostException;
-import java.util.Collection;
+import java.util.List;
 import java.util.concurrent.Executor;
 import java.util.logging.Logger;
 
@@ -28,31 +35,24 @@ import javax.net.SocketFactory;
 
 import static android.content.Context.CONNECTIVITY_SERVICE;
 import static android.content.Context.WIFI_SERVICE;
-import static android.net.ConnectivityManager.TYPE_WIFI;
+import static android.net.NetworkCapabilities.TRANSPORT_WIFI;
 import static android.os.Build.VERSION.SDK_INT;
 import static java.util.Collections.emptyList;
+import static java.util.Collections.list;
 import static java.util.Collections.singletonList;
+import static java.util.logging.Level.WARNING;
 import static java.util.logging.Logger.getLogger;
+import static org.briarproject.bramble.api.plugin.Plugin.State.ACTIVE;
+import static org.briarproject.bramble.api.plugin.Plugin.State.INACTIVE;
+import static org.briarproject.bramble.util.IoUtils.tryToClose;
+import static org.briarproject.bramble.util.LogUtils.logException;
 
 @NotNullByDefault
-class AndroidLanTcpPlugin extends LanTcpPlugin implements EventListener {
+class AndroidLanTcpPlugin extends LanTcpPlugin {
 
 	private static final Logger LOG =
 			getLogger(AndroidLanTcpPlugin.class.getName());
 
-	private static final byte[] WIFI_AP_ADDRESS_BYTES =
-			{(byte) 192, (byte) 168, 43, 1};
-	private static final InetAddress WIFI_AP_ADDRESS;
-
-	static {
-		try {
-			WIFI_AP_ADDRESS = InetAddress.getByAddress(WIFI_AP_ADDRESS_BYTES);
-		} catch (UnknownHostException e) {
-			// Should only be thrown if the address has an illegal length
-			throw new AssertionError(e);
-		}
-	}
-
 	private final Executor connectionStatusExecutor;
 	private final ConnectivityManager connectivityManager;
 	@Nullable
@@ -62,8 +62,9 @@ class AndroidLanTcpPlugin extends LanTcpPlugin implements EventListener {
 
 	AndroidLanTcpPlugin(Executor ioExecutor, Context appContext,
 			Backoff backoff, PluginCallback callback, int maxLatency,
-			int maxIdleTime) {
+			int maxIdleTime, int connectionTimeout) {
-		super(ioExecutor, backoff, callback, maxLatency, maxIdleTime);
+		super(ioExecutor, backoff, callback, maxLatency, maxIdleTime,
+				connectionTimeout);
 		// Don't execute more than one connection status check at a time
 		connectionStatusExecutor =
 				new PoliteExecutor("AndroidLanTcpPlugin", ioExecutor, 1);
@@ -79,34 +80,137 @@ class AndroidLanTcpPlugin extends LanTcpPlugin implements EventListener {
 	@Override
 	public void start() {
 		if (used.getAndSet(true)) throw new IllegalStateException();
-		running = true;
+		initialisePortProperty();
+		Settings settings = callback.getSettings();
+		state.setStarted(settings.getBoolean(PREF_PLUGIN_ENABLE, false));
 		updateConnectionStatus();
 	}
 
-	@Override
-	public void stop() {
-		running = false;
-		tryToClose(socket);
-	}
-
 	@Override
 	protected Socket createSocket() throws IOException {
 		return socketFactory.createSocket();
 	}
 
 	@Override
-	protected Collection<InetAddress> getLocalIpAddresses() {
+	protected List<InetAddress> getUsableLocalInetAddresses(boolean ipv4) {
-		// If the device doesn't have wifi, don't open any sockets
+		InetAddress addr = getWifiAddress(ipv4);
-		if (wifiManager == null) return emptyList();
+		return addr == null ? emptyList() : singletonList(addr);
-		// If we're connected to a wifi network, use that network
+	}
+
+	@Nullable
+	private InetAddress getWifiAddress(boolean ipv4) {
+		Pair<InetAddress, Boolean> wifi = getWifiIpv4Address();
+		if (ipv4) return wifi == null ? null : wifi.getFirst();
+		// If there's no wifi IPv4 address, we might be a client on an
+		// IPv6-only wifi network. We can only detect this on API 21+
+		if (wifi == null) {
+			return SDK_INT >= 21 ? getWifiClientIpv6Address() : null;
+		}
+		// Use the wifi IPv4 address to determine which interface's IPv6
+		// address we should return (if the interface has a suitable address)
+		return getIpv6AddressForInterface(wifi.getFirst());
+	}
+
+	/**
+	 * Returns a {@link Pair} where the first element is the IPv4 address of
+	 * the wifi interface and the second element is true if this device is
+	 * providing an access point, or false if this device is a client. Returns
+	 * null if this device isn't connected to wifi as an access point or client.
+	 */
+	@Nullable
+	private Pair<InetAddress, Boolean> getWifiIpv4Address() {
+		if (wifiManager == null) return null;
+		// If we're connected to a wifi network, return its address
 		WifiInfo info = wifiManager.getConnectionInfo();
-		if (info != null && info.getIpAddress() != 0)
+		if (info != null && info.getIpAddress() != 0) {
-			return singletonList(intToInetAddress(info.getIpAddress()));
+			return new Pair<>(intToInetAddress(info.getIpAddress()), false);
-		// If we're running an access point, return its address
+		}
-		if (super.getLocalIpAddresses().contains(WIFI_AP_ADDRESS))
+		List<InterfaceAddress> ifAddrs = getLocalInterfaceAddresses();
-			return singletonList(WIFI_AP_ADDRESS);
+		// If we're providing a normal access point, return its address
-		// No suitable addresses
+		for (InterfaceAddress ifAddr : ifAddrs) {
-		return emptyList();
+			if (isAndroidWifiApAddress(ifAddr)) {
+				return new Pair<>(ifAddr.getAddress(), true);
+			}
+		}
+		// If we're providing a wifi direct access point, return its address
+		for (InterfaceAddress ifAddr : ifAddrs) {
+			if (isAndroidWifiDirectApAddress(ifAddr)) {
+				return new Pair<>(ifAddr.getAddress(), true);
+			}
+		}
+		// Not connected to wifi
+		return null;
+	}
+
+	/**
+	 * Returns true if the given address belongs to a network provided by an
+	 * Android access point (including the access point's own address).
+	 * <p>
+	 * The access point's address is usually 192.168.43.1, but at least one
+	 * device (Honor 8A) may use other addresses in the range 192.168.43.0/24.
+	 */
+	private boolean isAndroidWifiApAddress(InterfaceAddress ifAddr) {
+		if (ifAddr.getNetworkPrefixLength() != 24) return false;
+		byte[] ip = ifAddr.getAddress().getAddress();
+		return ip.length == 4
+				&& ip[0] == (byte) 192
+				&& ip[1] == (byte) 168
+				&& ip[2] == (byte) 43;
+	}
+
+	/**
+	 * Returns true if the given address belongs to a network provided by an
+	 * Android wifi direct legacy mode access point (including the access
+	 * point's own address).
+	 */
+	private boolean isAndroidWifiDirectApAddress(InterfaceAddress ifAddr) {
+		if (ifAddr.getNetworkPrefixLength() != 24) return false;
+		byte[] ip = ifAddr.getAddress().getAddress();
+		return ip.length == 4
+				&& ip[0] == (byte) 192
+				&& ip[1] == (byte) 168
+				&& ip[2] == (byte) 49;
+	}
+
+	/**
+	 * Returns a link-local IPv6 address for the wifi client interface, or null
+	 * if there's no such interface or it doesn't have a suitable address.
+	 */
+	@TargetApi(21)
+	@Nullable
+	private InetAddress getWifiClientIpv6Address() {
+		for (Network net : connectivityManager.getAllNetworks()) {
+			NetworkCapabilities caps =
+					connectivityManager.getNetworkCapabilities(net);
+			if (caps == null || !caps.hasTransport(TRANSPORT_WIFI)) continue;
+			LinkProperties props = connectivityManager.getLinkProperties(net);
+			if (props == null) continue;
+			for (LinkAddress linkAddress : props.getLinkAddresses()) {
+				InetAddress addr = linkAddress.getAddress();
+				if (isIpv6LinkLocalAddress(addr)) return addr;
+			}
+		}
+		return null;
+	}
+
+	/**
+	 * Returns a link-local IPv6 address for the interface with the given IPv4
+	 * address, or null if the interface doesn't have a suitable address.
+	 */
+	@Nullable
+	private InetAddress getIpv6AddressForInterface(InetAddress ipv4) {
+		try {
+			NetworkInterface iface = NetworkInterface.getByInetAddress(ipv4);
+			if (iface == null) return null;
+			for (InetAddress addr : list(iface.getInetAddresses())) {
+				if (isIpv6LinkLocalAddress(addr)) return addr;
+			}
+			// No suitable address
+			return null;
+		} catch (SocketException e) {
+			logException(LOG, WARNING, e);
+			return null;
+		}
 	}
 
 	private InetAddress intToInetAddress(int ip) {
@@ -128,9 +232,11 @@ class AndroidLanTcpPlugin extends LanTcpPlugin implements EventListener {
 	private SocketFactory getSocketFactory() {
 		if (SDK_INT < 21) return SocketFactory.getDefault();
 		for (Network net : connectivityManager.getAllNetworks()) {
-			NetworkInfo info = connectivityManager.getNetworkInfo(net);
+			NetworkCapabilities caps =
-			if (info != null && info.getType() == TYPE_WIFI)
+					connectivityManager.getNetworkCapabilities(net);
+			if (caps != null && caps.hasTransport(TRANSPORT_WIFI)) {
 				return net.getSocketFactory();
+			}
 		}
 		LOG.warning("Could not find suitable socket factory");
 		return SocketFactory.getDefault();
@@ -138,30 +244,59 @@ class AndroidLanTcpPlugin extends LanTcpPlugin implements EventListener {
 
 	@Override
 	public void eventOccurred(Event e) {
+		super.eventOccurred(e);
 		if (e instanceof NetworkStatusEvent) updateConnectionStatus();
 	}
 
 	private void updateConnectionStatus() {
 		connectionStatusExecutor.execute(() -> {
-			if (!running) return;
+			State s = getState();
-			Collection<InetAddress> addrs = getLocalIpAddresses();
+			if (s != ACTIVE && s != INACTIVE) return;
-			if (addrs.contains(WIFI_AP_ADDRESS)) {
+			Pair<InetAddress, Boolean> wifi = getPreferredWifiAddress();
+			if (wifi == null) {
+				LOG.info("Not connected to wifi");
+				socketFactory = SocketFactory.getDefault();
+				// Server sockets may not have been closed automatically when
+				// interface was taken down. If any sockets are open, closing
+				// them here will cause the sockets to be cleared and the state
+				// to be updated in acceptContactConnections()
+				if (s == ACTIVE) {
+					LOG.info("Closing server sockets");
+					tryToClose(state.getServerSocket(true), LOG, WARNING);
+					tryToClose(state.getServerSocket(false), LOG, WARNING);
+				}
+			} else if (wifi.getSecond()) {
 				LOG.info("Providing wifi hotspot");
 				// There's no corresponding Network object and thus no way
 				// to get a suitable socket factory, so we won't be able to
 				// make outgoing connections on API 21+ if another network
 				// has internet access
 				socketFactory = SocketFactory.getDefault();
-				if (socket == null || socket.isClosed()) bind();
+				if (s == INACTIVE) bind();
-			} else if (addrs.isEmpty()) {
-				LOG.info("Not connected to wifi");
-				socketFactory = SocketFactory.getDefault();
-				tryToClose(socket);
 			} else {
 				LOG.info("Connected to wifi");
 				socketFactory = getSocketFactory();
-				if (socket == null || socket.isClosed()) bind();
+				if (s == INACTIVE) bind();
 			}
 		});
 	}
+
+	/**
+	 * Returns a {@link Pair} where the first element is an IP address (IPv4 if
+	 * available, otherwise IPv6) of the wifi interface and the second element
+	 * is true if this device is providing an access point, or false if this
+	 * device is a client. Returns null if this device isn't connected to wifi
+	 * as an access point or client.
+	 */
+	@Nullable
+	private Pair<InetAddress, Boolean> getPreferredWifiAddress() {
+		Pair<InetAddress, Boolean> wifi = getWifiIpv4Address();
+		// If there's no wifi IPv4 address, we might be a client on an
+		// IPv6-only wifi network. We can only detect this on API 21+
+		if (wifi == null && SDK_INT >= 21) {
+			InetAddress ipv6 = getWifiClientIpv6Address();
+			if (ipv6 != null) return new Pair<>(ipv6, false);
+		}
+		return wifi;
+	}
 }

bramble-android/src/main/java/org/briarproject/bramble/plugin/tcp/AndroidLanTcpPluginFactory.java

@@ -21,10 +21,11 @@ import static org.briarproject.bramble.api.plugin.LanTcpConstants.ID;
 @NotNullByDefault
 public class AndroidLanTcpPluginFactory implements DuplexPluginFactory {
 
-	private static final int MAX_LATENCY = 30 * 1000; // 30 seconds
+	private static final int MAX_LATENCY = 30_000; // 30 seconds
-	private static final int MAX_IDLE_TIME = 30 * 1000; // 30 seconds
+	private static final int MAX_IDLE_TIME = 30_000; // 30 seconds
-	private static final int MIN_POLLING_INTERVAL = 60 * 1000; // 1 minute
+	private static final int CONNECTION_TIMEOUT = 3_000; // 3 seconds
-	private static final int MAX_POLLING_INTERVAL = 10 * 60 * 1000; // 10 mins
+	private static final int MIN_POLLING_INTERVAL = 60_000; // 1 minute
+	private static final int MAX_POLLING_INTERVAL = 600_000; // 10 mins
 	private static final double BACKOFF_BASE = 1.2;
 
 	private final Executor ioExecutor;
@@ -55,7 +56,8 @@ public class AndroidLanTcpPluginFactory implements DuplexPluginFactory {
 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,
 				MAX_POLLING_INTERVAL, BACKOFF_BASE);
 		AndroidLanTcpPlugin plugin = new AndroidLanTcpPlugin(ioExecutor,
-				appContext, backoff, callback, MAX_LATENCY, MAX_IDLE_TIME);
+				appContext, backoff, callback, MAX_LATENCY, MAX_IDLE_TIME,
+				CONNECTION_TIMEOUT);
 		eventBus.addListener(plugin);
 		return plugin;
 	}

bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/AndroidTorPlugin.java

@@ -27,6 +27,7 @@ import static android.content.Context.MODE_PRIVATE;
 import static android.content.Context.POWER_SERVICE;
 import static android.os.PowerManager.PARTIAL_WAKE_LOCK;
 import static java.util.concurrent.TimeUnit.MINUTES;
+import static org.briarproject.bramble.util.AndroidUtils.getWakeLockTag;
 
 @MethodsNotNullByDefault
 @ParametersNotNullByDefault
@@ -53,7 +54,7 @@ class AndroidTorPlugin extends TorPlugin {
 				appContext.getSystemService(POWER_SERVICE);
 		if (pm == null) throw new AssertionError();
 		wakeLock = new RenewableWakeLock(pm, scheduler, PARTIAL_WAKE_LOCK,
-				getWakeLockTag(), 1, MINUTES);
+				getWakeLockTag(appContext), 1, MINUTES);
 	}
 
 	@Override
@@ -74,7 +75,6 @@ class AndroidTorPlugin extends TorPlugin {
 
 	@Override
 	protected void enableNetwork(boolean enable) throws IOException {
-		if (!running) return;
 		if (enable) wakeLock.acquire();
 		super.enableNetwork(enable);
 		if (!enable) wakeLock.release();
@@ -85,17 +85,4 @@ class AndroidTorPlugin extends TorPlugin {
 		super.stop();
 		wakeLock.release();
 	}
-
-	private String getWakeLockTag() {
-		PackageManager pm = appContext.getPackageManager();
-		for (PackageInfo info : pm.getInstalledPackages(0)) {
-			String name = info.packageName.toLowerCase();
-			if (name.startsWith("com.huawei.powergenie")) {
-				return "LocationManagerService";
-			} else if (name.startsWith("com.evenwell.powermonitor")) {
-				return "AudioIn";
-			}
-		}
-		return getClass().getSimpleName();
-	}
 }

bramble-android/src/main/java/org/briarproject/bramble/system/AndroidLocationUtils.java

@@ -61,12 +61,12 @@ class AndroidLocationUtils implements LocationUtils {
 	private String getCountryFromPhoneNetwork() {
 		Object o = appContext.getSystemService(TELEPHONY_SERVICE);
 		TelephonyManager tm = (TelephonyManager) o;
-		return tm.getNetworkCountryIso();
+		return tm == null ? "" : tm.getNetworkCountryIso();
 	}
 
 	private String getCountryFromSimCard() {
 		Object o = appContext.getSystemService(TELEPHONY_SERVICE);
 		TelephonyManager tm = (TelephonyManager) o;
-		return tm.getSimCountryIso();
+		return tm == null ? "" : tm.getSimCountryIso();
 	}
 }

bramble-android/src/main/java/org/briarproject/bramble/util/AndroidUtils.java

@@ -3,18 +3,30 @@ package org.briarproject.bramble.util;
 import android.annotation.SuppressLint;
 import android.bluetooth.BluetoothAdapter;
 import android.content.Context;
+import android.content.pm.PackageInfo;
+import android.content.pm.PackageManager;
 import android.os.Build;
 import android.provider.Settings;
 
+import org.briarproject.bramble.api.Pair;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
 import java.io.File;
+import java.lang.reflect.Field;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collection;
 import java.util.List;
 
+import javax.annotation.Nullable;
+
 import static android.content.Context.MODE_PRIVATE;
 import static android.os.Build.VERSION.SDK_INT;
+import static java.util.Arrays.asList;
+import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;
 
+@NotNullByDefault
 public class AndroidUtils {
 
 	// Fake Bluetooth address returned by BluetoothAdapter on API 23 and later
@@ -22,11 +34,10 @@ public class AndroidUtils {
 
 	private static final String STORED_REPORTS = "dev-reports";
 
-	@SuppressWarnings("deprecation")
 	public static Collection<String> getSupportedArchitectures() {
 		List<String> abis = new ArrayList<>();
 		if (SDK_INT >= 21) {
-			abis.addAll(Arrays.asList(Build.SUPPORTED_ABIS));
+			abis.addAll(asList(Build.SUPPORTED_ABIS));
 		} else {
 			abis.add(Build.CPU_ABI);
 			if (Build.CPU_ABI2 != null) abis.add(Build.CPU_ABI2);
@@ -36,25 +47,89 @@ public class AndroidUtils {
 
 	public static String getBluetoothAddress(Context ctx,
 			BluetoothAdapter adapter) {
+		return getBluetoothAddressAndMethod(ctx, adapter).getFirst();
+	}
+
+	public static Pair<String, String> getBluetoothAddressAndMethod(Context ctx,
+			BluetoothAdapter adapter) {
 		// Return the adapter's address if it's valid and not fake
 		@SuppressLint("HardwareIds")
 		String address = adapter.getAddress();
-		if (isValidBluetoothAddress(address)) return address;
+		if (isValidBluetoothAddress(address)) {
+			return new Pair<>(address, "adapter");
+		}
 		// Return the address from settings if it's valid and not fake
 		address = Settings.Secure.getString(ctx.getContentResolver(),
 				"bluetooth_address");
-		if (isValidBluetoothAddress(address)) return address;
+		if (isValidBluetoothAddress(address)) {
+			return new Pair<>(address, "settings");
+		}
+		// Try to get the address via reflection
+		address = getBluetoothAddressByReflection(adapter);
+		if (isValidBluetoothAddress(address)) {
+			return new Pair<>(requireNonNull(address), "reflection");
+		}
 		// Let the caller know we can't find the address
-		return "";
+		return new Pair<>("", "");
 	}
 
-	private static boolean isValidBluetoothAddress(String address) {
+	public static boolean isValidBluetoothAddress(@Nullable String address) {
 		return !StringUtils.isNullOrEmpty(address)
 				&& BluetoothAdapter.checkBluetoothAddress(address)
 				&& !address.equals(FAKE_BLUETOOTH_ADDRESS);
 	}
 
+	@Nullable
+	private static String getBluetoothAddressByReflection(
+			BluetoothAdapter adapter) {
+		try {
+			Field mServiceField =
+					adapter.getClass().getDeclaredField("mService");
+			mServiceField.setAccessible(true);
+			Object mService = mServiceField.get(adapter);
+			// mService may be null when Bluetooth is disabled
+			if (mService == null) throw new NoSuchFieldException();
+			Method getAddressMethod =
+					mService.getClass().getMethod("getAddress");
+			return (String) getAddressMethod.invoke(mService);
+		} catch (NoSuchFieldException e) {
+			return null;
+		} catch (IllegalAccessException e) {
+			return null;
+		} catch (NoSuchMethodException e) {
+			return null;
+		} catch (InvocationTargetException e) {
+			return null;
+		} catch (SecurityException e) {
+			return null;
+		}
+	}
+
 	public static File getReportDir(Context ctx) {
 		return ctx.getDir(STORED_REPORTS, MODE_PRIVATE);
 	}
+
+	/**
+	 * Returns an array of supported content types for image attachments.
+	 * GIFs can't be compressed on API < 24 so they're not supported.
+	 * <p>
+	 * TODO: Remove this restriction when large message support is added
+	 */
+	public static String[] getSupportedImageContentTypes() {
+		if (SDK_INT < 24) return new String[] {"image/jpeg", "image/png"};
+		else return new String[] {"image/jpeg", "image/png", "image/gif"};
+	}
+
+	public static String getWakeLockTag(Context ctx) {
+		PackageManager pm = ctx.getPackageManager();
+		for (PackageInfo info : pm.getInstalledPackages(0)) {
+			String name = info.packageName.toLowerCase();
+			if (name.startsWith("com.huawei.powergenie")) {
+				return "LocationManagerService";
+			} else if (name.startsWith("com.evenwell.powermonitor")) {
+				return "AudioIn";
+			}
+		}
+		return ctx.getPackageName();
+	}
 }

bramble-android/src/test/java/org/briarproject/bramble/account/AndroidAccountManagerTest.java

@@ -16,13 +16,10 @@ import org.junit.Test;
 
 import java.io.File;
 
-import static junit.framework.Assert.assertEquals;
 import static junit.framework.Assert.assertFalse;
 import static junit.framework.Assert.assertTrue;
 import static org.briarproject.bramble.test.TestUtils.deleteTestDirectory;
-import static org.briarproject.bramble.test.TestUtils.getRandomBytes;
 import static org.briarproject.bramble.test.TestUtils.getTestDirectory;
-import static org.briarproject.bramble.util.StringUtils.toHexString;
 
 public class AndroidAccountManagerTest extends BrambleMockTestCase {
 
@@ -40,11 +37,8 @@ public class AndroidAccountManagerTest extends BrambleMockTestCase {
 	private final Application app;
 	private final ApplicationInfo applicationInfo;
 
-	private final String encryptedKeyHex = toHexString(getRandomBytes(123));
 	private final File testDir = getTestDirectory();
 	private final File keyDir = new File(testDir, "key");
-	private final File keyFile = new File(keyDir, "db.key");
-	private final File keyBackupFile = new File(keyDir, "db.key.bak");
 	private final File dbDir = new File(testDir, "db");
 
 	private AndroidAccountManager accountManager;
@@ -75,33 +69,12 @@ public class AndroidAccountManagerTest extends BrambleMockTestCase {
 		};
 	}
 
-	@Test
-	public void testDbKeyIsMigratedFromPreferencesToFile() {
-		context.checking(new Expectations() {{
-			oneOf(prefs).getString("key", null);
-			will(returnValue(encryptedKeyHex));
-			oneOf(prefs).edit();
-			will(returnValue(editor));
-			oneOf(editor).remove("key");
-			will(returnValue(editor));
-			oneOf(editor).commit();
-			will(returnValue(true));
-		}});
-
-		assertFalse(keyFile.exists());
-		assertFalse(keyBackupFile.exists());
-
-		assertEquals(encryptedKeyHex,
-				accountManager.loadEncryptedDatabaseKey());
-
-		assertTrue(keyFile.exists());
-		assertTrue(keyBackupFile.exists());
-	}
-
 	@Test
 	public void testDeleteAccountClearsSharedPrefsAndDeletesFiles()
 			throws Exception {
-		// Directories 'lib' and 'shared_prefs' should be spared
+		// Directories 'code_cache', 'lib' and 'shared_prefs' should be spared
+		File codeCacheDir = new File(testDir, "code_cache");
+		File codeCacheFile = new File(codeCacheDir, "file");
 		File libDir = new File(testDir, "lib");
 		File libFile = new File(libDir, "file");
 		File sharedPrefsDir = new File(testDir, "shared_prefs");
@@ -140,6 +113,8 @@ public class AndroidAccountManagerTest extends BrambleMockTestCase {
 
 		assertTrue(dbDir.mkdirs());
 		assertTrue(keyDir.mkdirs());
+		assertTrue(codeCacheDir.mkdirs());
+		assertTrue(codeCacheFile.createNewFile());
 		assertTrue(libDir.mkdirs());
 		assertTrue(libFile.createNewFile());
 		assertTrue(sharedPrefsDir.mkdirs());
@@ -155,6 +130,8 @@ public class AndroidAccountManagerTest extends BrambleMockTestCase {
 
 		assertFalse(dbDir.exists());
 		assertFalse(keyDir.exists());
+		assertTrue(codeCacheDir.exists());
+		assertTrue(codeCacheFile.exists());
 		assertTrue(libDir.exists());
 		assertTrue(libFile.exists());
 		assertTrue(sharedPrefsDir.exists());

bramble-android/witness.gradle

@@ -1,44 +1,46 @@
 dependencyVerification {
     verify = [
         'cglib:cglib:3.2.0:cglib-3.2.0.jar:adb13bab79712ad6bdf1bd59f2a3918018a8016e722e8a357065afb9e6690861',
-        'com.android.tools.analytics-library:protos:26.4.0:protos-26.4.0.jar:ad760915586797d39319f402837b378bff3bb4ed583e3e0c48c965631fb2135f',
+        'com.android.tools.analytics-library:protos:26.5.1:protos-26.5.1.jar:8dde1130725461fe827f2a343d353f2b51e8870661fc860d7d5ebddb097ead4e',
-        'com.android.tools.analytics-library:shared:26.4.0:shared-26.4.0.jar:1332106a905d48909c81268c9e414946de3e83487db394c6073b0a9b5c3d0ed2',
+        'com.android.tools.analytics-library:shared:26.5.1:shared-26.5.1.jar:ccc2f3b00ec17b11401610ba68553544fc8fc517120e84439ac6eb86b875e18d',
-        'com.android.tools.analytics-library:tracker:26.4.0:tracker-26.4.0.jar:d0020cfbfd4cd75935f2972d6a24089840d4a10df6f3ef2a796093217dd37796',
+        'com.android.tools.analytics-library:tracker:26.5.1:tracker-26.5.1.jar:3a76984c0fe2e847ca7a8b35b4780ef0447a9d1666946cb8e60466318e0ab5ae',
-        'com.android.tools.build:apksig:3.4.0:apksig-3.4.0.jar:91d5a1866139c69756280355a6f61b4d619d0516841580114f45a10f2177327e',
+        'com.android.tools.build:aapt2-proto:0.4.0:aapt2-proto-0.4.0.jar:fac0435e08898f89eeeb9ca236bea707155ff816c12205ced285ad53604133ca',
-        'com.android.tools.build:apkzlib:3.4.0:apkzlib-3.4.0.jar:8653c85f5fdf1dde840e8b8af7396aeb79c34b66e541b5860059616006535592',
+        'com.android.tools.build:apksig:3.5.1:apksig-3.5.1.jar:1fd33e7f009a2a0da766cfeec4211a09f548034b015c289a66d75dd8a9302f4a',
-        'com.android.tools.build:builder-model:3.4.0:builder-model-3.4.0.jar:a88f138124a9f016a70bcb4760359a502f65c7deed56507ee4014f4dd9ea853b',
+        'com.android.tools.build:apkzlib:3.5.1:apkzlib-3.5.1.jar:9f330167cbe973b7db407692f74f4f6453b7ffa5f2048934b06280c2ceee60fa',
-        'com.android.tools.build:builder-test-api:3.4.0:builder-test-api-3.4.0.jar:31089ab1ec19ca7687a010867d2f3807513c805b8226979706f4247b5d4df26f',
+        'com.android.tools.build:builder-model:3.5.1:builder-model-3.5.1.jar:39ea3c82b76b6e0c9f9fa88d93e0edc1dd4a0f1dfae0ef6fbf2d451da47e5450',
-        'com.android.tools.build:builder:3.4.0:builder-3.4.0.jar:476221b5203a7f50089bf185ed95000a34b6f5020ef0a17815afd58606922679',
+        'com.android.tools.build:builder-test-api:3.5.1:builder-test-api-3.5.1.jar:a1b59305584cbcaa078fdc9cfb80871012755b822dd32e8da19add6f7bbcb762',
-        'com.android.tools.build:gradle-api:3.4.0:gradle-api-3.4.0.jar:215eca38f6719213c2f492b4d622cdd11676c66c9871f8a2aed0c66d00175628',
+        'com.android.tools.build:builder:3.5.1:builder-3.5.1.jar:e3a8d382434c5f60990730c4719fc814e85a898a33a1e96c1df8d627d3c6eea6',
-        'com.android.tools.build:manifest-merger:26.4.0:manifest-merger-26.4.0.jar:29e45e690dedd165035e97c21c2ca94d0bd4ec16b6b210daa26669a582b6f220',
+        'com.android.tools.build:gradle-api:3.5.1:gradle-api-3.5.1.jar:be9b41859bace11998f66b04ed944f87e413f3ad6da3c4665587699da125addc',
-        'com.android.tools.ddms:ddmlib:26.4.0:ddmlib-26.4.0.jar:93f56fe4630c3166adbd6c51d7bb602d96abb91b07ba5b1165fdcd071e88c940',
+        'com.android.tools.build:manifest-merger:26.5.1:manifest-merger-26.5.1.jar:dcad9ecb967251f4d750f55a4204a2b400e8fbfe5cb930a1d0d5dbe10ae8bdfc',
-        'com.android.tools.external.com-intellij:intellij-core:26.4.0:intellij-core-26.4.0.jar:30cb0e879d4424de9677a50b537fb628636b4a50f5470af5e52437980c41421f',
+        'com.android.tools.ddms:ddmlib:26.5.1:ddmlib-26.5.1.jar:b081aef2a4ed3f4d47cae4cdb128469735f25a114e026d37123bf9ffdec742a8',
-        'com.android.tools.external.com-intellij:kotlin-compiler:26.4.0:kotlin-compiler-26.4.0.jar:dd1fe225c31a0e012dc025336363a5b783e2c5c20ffb69e77f8f57e89420d998',
+        'com.android.tools.external.com-intellij:intellij-core:26.5.1:intellij-core-26.5.1.jar:20eced30adc124805bd93488d9cd9d3e33e6bf7b48e9fe5a703d4983f894d450',
-        'com.android.tools.external.org-jetbrains:uast:26.4.0:uast-26.4.0.jar:f25f3285b775a983327583ff6584dea54e447813ef69e0ce08b05a45b5f4aab0',
+        'com.android.tools.external.com-intellij:kotlin-compiler:26.5.1:kotlin-compiler-26.5.1.jar:5aed762dd54875b77ae7018d97c05756ff0c5b9fd02ec595dd396ccd14cc22cb',
-        'com.android.tools.layoutlib:layoutlib-api:26.4.0:layoutlib-api-26.4.0.jar:52128f5cf293b224072be361919bfd416e59480ab7264ddcdbbf046b0d7a12e3',
+        'com.android.tools.external.org-jetbrains:uast:26.5.1:uast-26.5.1.jar:4bc8653d6c0943f40fee963a149e36c6baa45683d2530968a13f5007e3c40740',
-        'com.android.tools.lint:lint-api:26.4.0:lint-api-26.4.0.jar:fdb8fca8ae4c254f438338d03d72605e00ed106f2d5550405af41ca1c8509401',
+        'com.android.tools.layoutlib:layoutlib-api:26.5.1:layoutlib-api-26.5.1.jar:88732f11396c427273e515d23042e35633f4fe4295528a99b866aa2adf0efd9c',
-        'com.android.tools.lint:lint-checks:26.4.0:lint-checks-26.4.0.jar:4ff52d40488cd3e22b9c6b2eb67784e0c3269d0b42ef9d17689cd75a7b2bceb4',
+        'com.android.tools.lint:lint-api:26.5.1:lint-api-26.5.1.jar:ec33fcd72bfaf70dd841e03fbfd93f109c2e575aec146067c606689c3972f0de',
-        'com.android.tools.lint:lint-gradle-api:26.4.0:lint-gradle-api-26.4.0.jar:714b7a85c7d2aa10daeab16e969fe7530c659d0728a7f24021da456870418d0f',
+        'com.android.tools.lint:lint-checks:26.5.1:lint-checks-26.5.1.jar:a1b9607d484aaae7a71dcecdc76f8003d8239af226c776894a2cf63f9e6c60d7',
-        'com.android.tools.lint:lint-gradle:26.4.0:lint-gradle-26.4.0.jar:b8c130d273f522388734457e1b96790f41528fcec6fda9e8eaa4e4d95a07cfbb',
+        'com.android.tools.lint:lint-gradle-api:26.5.1:lint-gradle-api-26.5.1.jar:82453fd98a8394cc84ed995c04d2cd744abd1d6589403427ba7eef53115406f3',
-        'com.android.tools.lint:lint:26.4.0:lint-26.4.0.jar:83aa062fb0405b60ed358d858c8c2955e1bae44a455b498068c6a60988755f00',
+        'com.android.tools.lint:lint-gradle:26.5.1:lint-gradle-26.5.1.jar:59465b56cf7db77c656d5f8195d721c3d48b6bdd0502d774de335bfe4baff00b',
-        'com.android.tools:annotations:26.4.0:annotations-26.4.0.jar:a7955b8e19c3a2a861d6faa43a58b7c0d46ea9112188ee3e235c6f9f439ecc1a',
+        'com.android.tools.lint:lint:26.5.1:lint-26.5.1.jar:336e4b04ec6f8b0f25879131b7a7862d77df83a1879ee5b71be26128755f8e2e',
-        'com.android.tools:common:26.4.0:common-26.4.0.jar:ea40b94b3c1284ea7700f011388e2906a8363a66abd902891722b3c557984852',
+        'com.android.tools:annotations:26.5.1:annotations-26.5.1.jar:2c43c82f8c59d8f7a61e3239e1a2dc9f69dc342ec09af9b7c9f69b25337c0b6e',
-        'com.android.tools:dvlib:26.4.0:dvlib-26.4.0.jar:23af89c535b01ba36ceed1b6b309b672814eba624e643cd7dedf0519edad50cc',
+        'com.android.tools:common:26.5.1:common-26.5.1.jar:eccfa54486ed54c4e3123cc42195d023bd0dd21bcd2f0e4868e8c6fc70f8ef6b',
-        'com.android.tools:repository:26.4.0:repository-26.4.0.jar:3d1763ab46199374dc6d94129bba11c70f1d5857e2c81a3ac4898abca40b176b',
+        'com.android.tools:dvlib:26.5.1:dvlib-26.5.1.jar:46f93ad498b4756e7d867d2fe38c38890a80e7407a4ae459e4a8c8d5c5aeacfe',
-        'com.android.tools:sdk-common:26.4.0:sdk-common-26.4.0.jar:78a522525b30ffc6b7bf1299c831d24ce385f68a9f4878f8f752e9baefa31b0f',
+        'com.android.tools:repository:26.5.1:repository-26.5.1.jar:2b3ee791aa4c3e8ce60498c161a27ca7228816fc630eed4d9f25f2f36a106dce',
-        'com.android.tools:sdklib:26.4.0:sdklib-26.4.0.jar:b854c23892013a326d761cf071c72cf3e038ed0469d10f4a356829fa56e4c132',
+        'com.android.tools:sdk-common:26.5.1:sdk-common-26.5.1.jar:365f749676c3574676fd465177c8a492f340816db2b520d6ed114d3b6e77bea7',
-        'com.google.code.findbugs:jsr305:1.3.9:jsr305-1.3.9.jar:905721a0eea90a81534abb7ee6ef4ea2e5e645fa1def0a5cd88402df1b46c9ed',
+        'com.android.tools:sdklib:26.5.1:sdklib-26.5.1.jar:007da104afb27c8c682a1628023fe9ec438249c8d15ef0fd6624c5bb8e23b696',
         'com.google.code.findbugs:jsr305:3.0.2:jsr305-3.0.2.jar:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7',
-        'com.google.code.gson:gson:2.8.0:gson-2.8.0.jar:c6221763bd79c4f1c3dc7f750b5f29a0bb38b367b81314c4f71896e340c40825',
+        'com.google.code.gson:gson:2.8.5:gson-2.8.5.jar:233a0149fc365c9f6edbd683cfe266b19bdc773be98eabdaf6b3c924b48e7d81',
-        'com.google.dagger:dagger-compiler:2.22.1:dagger-compiler-2.22.1.jar:e5f28302cbe70a79d3620cddebfb8ec0736814f3980ffe1e673bfe3342f507d3',
+        'com.google.dagger:dagger-compiler:2.24:dagger-compiler-2.24.jar:3c5afb955fb188da485cb2c048eff37dce0e1530b9780a0f2f7187d16d1ccc1f',
-        'com.google.dagger:dagger-producers:2.22.1:dagger-producers-2.22.1.jar:f834a0082014213a68ff06a0f048d750178d02196c58b0b15beb367d32b97e35',
+        'com.google.dagger:dagger-producers:2.24:dagger-producers-2.24.jar:f10f45b95191954d5d6b043fca9e62fb621d21bf70634b8f8476c7988b504c3a',
-        'com.google.dagger:dagger-spi:2.22.1:dagger-spi-2.22.1.jar:4b0b922793b3bcb91b99fabb75dba77c68afd7ae4c5f0c4fd6ba681f0a291c7d',
+        'com.google.dagger:dagger-spi:2.24:dagger-spi-2.24.jar:c038445d14dbcb4054e61bf49e05009edf26fce4fdc7ec1a9db544784f68e718',
-        'com.google.dagger:dagger:2.22.1:dagger-2.22.1.jar:329d4340f24c4f5717af016c097e90668bfea2a5376e6aa9964b01cef3fd241a',
+        'com.google.dagger:dagger:2.24:dagger-2.24.jar:550a6e46a6dfcdf1d764887b6090cea94f783327e50e5c73754f18facfc70b64',
-        'com.google.errorprone:error_prone_annotations:2.1.3:error_prone_annotations-2.1.3.jar:03d0329547c13da9e17c634d1049ea2ead093925e290567e1a364fd6b1fc7ff8',
+        'com.google.errorprone:error_prone_annotations:2.2.0:error_prone_annotations-2.2.0.jar:6ebd22ca1b9d8ec06d41de8d64e0596981d9607b42035f9ed374f9de271a481a',
         'com.google.errorprone:javac-shaded:9-dev-r4023-3:javac-shaded-9-dev-r4023-3.jar:65bfccf60986c47fbc17c9ebab0be626afc41741e0a6ec7109e0768817a36f30',
         'com.google.googlejavaformat:google-java-format:1.5:google-java-format-1.5.jar:aa19ad7850fb85178aa22f2fddb163b84d6ce4d0035872f30d4408195ca1144e',
-        'com.google.guava:guava:25.0-jre:guava-25.0-jre.jar:3fd4341776428c7e0e5c18a7c10de129475b69ab9d30aeafbb5c277bb6074fa9',
+        'com.google.guava:failureaccess:1.0.1:failureaccess-1.0.1.jar:a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26',
-        'com.google.guava:guava:26.0-jre:guava-26.0-jre.jar:a0e9cabad665bc20bcd2b01f108e5fc03f756e13aea80abaadb9f407033bea2c',
+        'com.google.guava:guava:27.0.1-jre:guava-27.0.1-jre.jar:e1c814fd04492a27c38e0317eabeaa1b3e950ec8010239e400fe90ad6c9107b4',
+        'com.google.guava:guava:27.1-jre:guava-27.1-jre.jar:4a5aa70cc968a4d137e599ad37553e5cfeed2265e8c193476d7119036c536fe7',
+        'com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava:listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar:b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99',
         'com.google.j2objc:j2objc-annotations:1.1:j2objc-annotations-1.1.jar:2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6',
         'com.google.jimfs:jimfs:1.1:jimfs-1.1.jar:c4828e28d7c0a930af9387510b3bada7daa5c04d7c25a75c7b8b081f1c257ddd',
         'com.google.protobuf:protobuf-java:3.4.0:protobuf-java-3.4.0.jar:dce7e66b32456a1b1198da0caff3a8acb71548658391e798c79369241e6490a4',
@@ -55,6 +57,7 @@ dependencyVerification {
         'javax.inject:javax.inject:1:javax.inject-1.jar:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff',
         'javax.xml.bind:jaxb-api:2.2.12-b140109.1041:jaxb-api-2.2.12-b140109.1041.jar:b5e60cd8b7b5ff01ce4a74c5dd008f4fbd14ced3495d0b47b85cfedc182211f2',
         'junit:junit:4.12:junit-4.12.jar:59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a',
+        'net.ltgt.gradle.incap:incap:0.2:incap-0.2.jar:b625b9806b0f1e4bc7a2e3457119488de3cd57ea20feedd513db070a573a4ffd',
         'net.sf.jopt-simple:jopt-simple:4.9:jopt-simple-4.9.jar:26c5856e954b5f864db76f13b86919b59c6eecf9fd930b96baa8884626baf2f5',
         'net.sf.kxml:kxml2:2.3.0:kxml2-2.3.0.jar:f264dd9f79a1fde10ce5ecc53221eff24be4c9331c830b7d52f2f08a7b633de2',
         'org.apache.ant:ant-launcher:1.9.4:ant-launcher-1.9.4.jar:7bccea20b41801ca17bcbc909a78c835d0f443f12d639c77bd6ae3d05861608d',
@@ -67,21 +70,21 @@ dependencyVerification {
         'org.bouncycastle:bcpkix-jdk15on:1.56:bcpkix-jdk15on-1.56.jar:7043dee4e9e7175e93e0b36f45b1ec1ecb893c5f755667e8b916eb8dd201c6ca',
         'org.bouncycastle:bcprov-jdk15on:1.56:bcprov-jdk15on-1.56.jar:963e1ee14f808ffb99897d848ddcdb28fa91ddda867eb18d303e82728f878349',
         'org.briarproject:obfs4proxy-android:0.0.11-2:obfs4proxy-android-0.0.11-2.zip:57e55cbe87aa2aac210fdbb6cd8cdeafe15f825406a08ebf77a8b787aa2c6a8a',
-        'org.briarproject:tor-android:0.3.5.8-64:tor-android-0.3.5.8-64.zip:9f144088c0fe845d1cf3232cdc2b51c68e6f9a22660592009f43a5633fca8824',
+        'org.briarproject:tor-android:0.3.5.10:tor-android-0.3.5.10.zip:edd83bf557fcff2105eaa0bdb3f607a6852ebe7360920929ae3039dd5f4774c5',
         'org.checkerframework:checker-compat-qual:2.5.3:checker-compat-qual-2.5.3.jar:d76b9afea61c7c082908023f0cbc1427fab9abd2df915c8b8a3e7a509bccbc6d',
         'org.checkerframework:checker-qual:2.5.2:checker-qual-2.5.2.jar:64b02691c8b9d4e7700f8ee2e742dce7ea2c6e81e662b7522c9ee3bf568c040a',
         'org.codehaus.groovy:groovy-all:2.4.15:groovy-all-2.4.15.jar:51d6c4e71782e85674239189499854359d380fb75e1a703756e3aaa5b98a5af0',
-        'org.codehaus.mojo:animal-sniffer-annotations:1.14:animal-sniffer-annotations-1.14.jar:2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d',
+        'org.codehaus.mojo:animal-sniffer-annotations:1.17:animal-sniffer-annotations-1.17.jar:92654f493ecfec52082e76354f0ebf87648dc3d5cec2e3c3cdb947c016747a53',
         'org.glassfish.jaxb:jaxb-core:2.2.11:jaxb-core-2.2.11.jar:37bcaee8ebb04362c8352a5bf6221b86967ecdab5164c696b10b9a2bb587b2aa',
         'org.glassfish.jaxb:jaxb-runtime:2.2.11:jaxb-runtime-2.2.11.jar:a874f2351cfba8e2946be3002d10c18a6da8f21b52ba2acf52f2b85d5520ed70',
         'org.glassfish.jaxb:txw2:2.2.11:txw2-2.2.11.jar:272a3ccad45a4511351920cd2a8633c53cab8d5220c7a92954da5526bb5eafea',
         'org.hamcrest:hamcrest-core:1.3:hamcrest-core-1.3.jar:66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9',
         'org.hamcrest:hamcrest-library:1.3:hamcrest-library-1.3.jar:711d64522f9ec410983bd310934296da134be4254a125080a0416ec178dfad1c',
-        'org.jetbrains.kotlin:kotlin-reflect:1.3.21:kotlin-reflect-1.3.21.jar:a3065c822633191e0a3e3ee12a29bec234fc4b2864a6bb87ef48cce3e9e0c26a',
+        'org.jetbrains.kotlin:kotlin-reflect:1.3.50:kotlin-reflect-1.3.50.jar:64583199ea5a54aefd1bd1595288925f784226ee562d1dd279011c6075b3d7a4',
-        'org.jetbrains.kotlin:kotlin-stdlib-common:1.3.21:kotlin-stdlib-common-1.3.21.jar:cea61f7b611895e64f58569a9757fc0ab0d582f107211e1930e0ce2a0add52a7',
+        'org.jetbrains.kotlin:kotlin-stdlib-common:1.3.50:kotlin-stdlib-common-1.3.50.jar:8ce678e88e4ba018b66dacecf952471e4d7dfee156a8a819760a5a5ff29d323c',
-        'org.jetbrains.kotlin:kotlin-stdlib-jdk7:1.3.21:kotlin-stdlib-jdk7-1.3.21.jar:a87875604fd42140da6938ae4d35ee61081f4482536efc6d2615b8b626a198af',
+        'org.jetbrains.kotlin:kotlin-stdlib-jdk7:1.3.50:kotlin-stdlib-jdk7-1.3.50.jar:9a026639e76212f8d57b86d55b075394c2e009f1979110751d34c05c5f75d57b',
-        'org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.3.21:kotlin-stdlib-jdk8-1.3.21.jar:5823ed66ac122a1c55442ebca5a209a843ccd87f562edc31a787f3d2e47f74d4',
+        'org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.3.50:kotlin-stdlib-jdk8-1.3.50.jar:1b351fb6e09c14b55525c74c1f4cf48942eae43c348b7bc764a5e6e423d4da0c',
-        'org.jetbrains.kotlin:kotlin-stdlib:1.3.21:kotlin-stdlib-1.3.21.jar:38ba2370d9f06f50433e06b2ca775b94473c2e2785f410926079ab793c72b034',
+        'org.jetbrains.kotlin:kotlin-stdlib:1.3.50:kotlin-stdlib-1.3.50.jar:e6f05746ee0366d0b52825a090fac474dcf44082c9083bbb205bd16976488d6c',
         'org.jetbrains.trove4j:trove4j:20160824:trove4j-20160824.jar:1917871c8deb468307a584680c87a44572f5a8b0b98c6d397fc0f5f86596dbe7',
         'org.jetbrains:annotations:13.0:annotations-13.0.jar:ace2a10dc8e2d5fd34925ecac03e4988b2c0f851650c94b8cef49ba1bd111478',
         'org.jmock:jmock-junit4:2.8.2:jmock-junit4-2.8.2.jar:f7ee4df4f7bd7b7f1cafad3b99eb74d579f109d5992ff625347352edb55e674c',

bramble-api/build.gradle

@@ -7,7 +7,7 @@ apply plugin: 'witness'
 apply from: 'witness.gradle'
 
 dependencies {
-	implementation "com.google.dagger:dagger:2.22.1"
+	implementation "com.google.dagger:dagger:2.24"
 	implementation 'com.google.code.findbugs:jsr305:3.0.2'
 
 	testImplementation 'junit:junit:4.12'

bramble-api/src/main/java/org/briarproject/bramble/api/FeatureFlags.java

@@ -6,6 +6,4 @@ package org.briarproject.bramble.api;
 public interface FeatureFlags {
 
 	boolean shouldEnableImageAttachments();
-
-	boolean shouldEnablePrivateMessageDeletion();
 }

bramble-api/src/main/java/org/briarproject/bramble/api/account/AccountManager.java

@@ -1,5 +1,6 @@
 package org.briarproject.bramble.api.account;
 
+import org.briarproject.bramble.api.crypto.DecryptionException;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.identity.IdentityManager;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
@@ -13,7 +14,8 @@ public interface AccountManager {
 	 * Returns true if the manager has the database key. This will be false
 	 * before {@link #createAccount(String, String)} or {@link #signIn(String)}
 	 * has been called, and true after {@link #createAccount(String, String)}
-	 * or {@link #signIn(String)} has returned true, until the process exits.
+	 * or {@link #signIn(String)} has returned true, until
+	 * {@link #deleteAccount()} is called or the process exits.
 	 */
 	boolean hasDatabaseKey();
 
@@ -22,25 +24,22 @@ public interface AccountManager {
 	 * before {@link #createAccount(String, String)} or {@link #signIn(String)}
 	 * has been called, and non-null after
 	 * {@link #createAccount(String, String)} or {@link #signIn(String)} has
-	 * returned true, until the process exits.
+	 * returned true, until {@link #deleteAccount()} is called or the process
+	 * exits.
 	 */
 	@Nullable
 	SecretKey getDatabaseKey();
 
 	/**
-	 * Returns true if the encrypted database key can be loaded from disk, and
+	 * Returns true if the encrypted database key can be loaded from disk.
-	 * the database directory exists and is a directory.
 	 */
 	boolean accountExists();
 
 	/**
 	 * Creates an identity with the given name and registers it with the
 	 * {@link IdentityManager}. Creates a database key, encrypts it with the
-	 * given password and stores it on disk.
+	 * given password and stores it on disk. {@link #accountExists()} will
-	 * <p/>
+	 * return true after this method returns true.
-	 * This method does not create the database directory, so
-	 * {@link #accountExists()} will continue to return false until the
-	 * database directory is created.
 	 */
 	boolean createAccount(String name, String password);
 
@@ -54,17 +53,19 @@ public interface AccountManager {
 	 * Loads the encrypted database key from disk and decrypts it with the
 	 * given password.
 	 *
-	 * @return true if the database key was successfully loaded and decrypted.
+	 * @throws DecryptionException If the database key could not be loaded and
+	 * decrypted.
 	 */
-	boolean signIn(String password);
+	void signIn(String password) throws DecryptionException;
 
 	/**
 	 * Loads the encrypted database key from disk, decrypts it with the old
 	 * password, encrypts it with the new password, and stores it on disk,
 	 * replacing the old key.
 	 *
-	 * @return true if the database key was successfully loaded, re-encrypted
+	 * @throws DecryptionException If the database key could not be loaded and
-	 * and stored.
+	 * decrypted.
 	 */
-	boolean changePassword(String oldPassword, String newPassword);
+	void changePassword(String oldPassword, String newPassword)
+			throws DecryptionException;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/connection/ConnectionManager.java

@@ -1,8 +1,11 @@
-package org.briarproject.bramble.api.plugin;
+package org.briarproject.bramble.api.connection;
 
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.contact.PendingContactId;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportConnectionReader;
+import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
 
 @NotNullByDefault

bramble-api/src/main/java/org/briarproject/bramble/api/connection/ConnectionRegistry.java

@@ -0,0 +1,130 @@
+package org.briarproject.bramble.api.connection;
+
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.PluginConfig;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.event.ConnectionClosedEvent;
+import org.briarproject.bramble.api.plugin.event.ConnectionOpenedEvent;
+import org.briarproject.bramble.api.plugin.event.ContactConnectedEvent;
+import org.briarproject.bramble.api.plugin.event.ContactDisconnectedEvent;
+import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionClosedEvent;
+import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionOpenedEvent;
+import org.briarproject.bramble.api.sync.Priority;
+
+import java.util.Collection;
+
+/**
+ * Keeps track of which contacts are currently connected by which transports.
+ */
+@NotNullByDefault
+public interface ConnectionRegistry {
+
+	/**
+	 * Registers an incoming connection from the given contact over the given
+	 * transport. The connection's {@link Priority priority} can be set later
+	 * via {@link #setPriority(ContactId, TransportId, InterruptibleConnection,
+	 * Priority)} if a priority record is received from the contact.
+	 * <p>
+	 * Broadcasts {@link ConnectionOpenedEvent}. Also broadcasts
+	 * {@link ContactConnectedEvent} if this is the only connection with the
+	 * contact.
+	 */
+	void registerIncomingConnection(ContactId c, TransportId t,
+			InterruptibleConnection conn);
+
+	/**
+	 * Registers an outgoing connection to the given contact over the given
+	 * transport.
+	 * <p>
+	 * Broadcasts {@link ConnectionOpenedEvent}. Also broadcasts
+	 * {@link ContactConnectedEvent} if this is the only connection with the
+	 * contact.
+	 * <p>
+	 * If the registry has any "better" connections with the given contact, the
+	 * given connection will be interrupted. If the registry has any "worse"
+	 * connections with the given contact, those connections will be
+	 * interrupted.
+	 * <p>
+	 * Connection A is considered "better" than connection B if both
+	 * connections have had their priorities set, and either A's transport is
+	 * {@link PluginConfig#getTransportPreferences() preferred} to B's, or
+	 * they use the same transport and A has higher {@link Priority priority}
+	 * than B.
+	 * <p>
+	 * For backward compatibility, connections without priorities are not
+	 * considered better or worse than other connections.
+	 */
+	void registerOutgoingConnection(ContactId c, TransportId t,
+			InterruptibleConnection conn, Priority priority);
+
+	/**
+	 * Unregisters a connection with the given contact over the given transport.
+	 * <p>
+	 * Broadcasts {@link ConnectionClosedEvent}. Also broadcasts
+	 * {@link ContactDisconnectedEvent} if this is the only connection with
+	 * the contact.
+	 */
+	void unregisterConnection(ContactId c, TransportId t,
+			InterruptibleConnection conn, boolean incoming, boolean exception);
+
+	/**
+	 * Sets the {@link Priority priority} of a connection that was previously
+	 * registered via {@link #registerIncomingConnection(ContactId, TransportId,
+	 * InterruptibleConnection)}.
+	 * <p>
+	 * If the registry has any "better" connections with the given contact, the
+	 * given connection will be interrupted. If the registry has any "worse"
+	 * connections with the given contact, those connections will be
+	 * interrupted.
+	 * <p>
+	 * Connection A is considered "better" than connection B if both
+	 * connections have had their priorities set, and either A's transport is
+	 * {@link PluginConfig#getTransportPreferences() preferred} to B's, or
+	 * they use the same transport and A has higher {@link Priority priority}
+	 * than B.
+	 * <p>
+	 * For backward compatibility, connections without priorities are not
+	 * considered better or worse than other connections.
+	 */
+	void setPriority(ContactId c, TransportId t, InterruptibleConnection conn,
+			Priority priority);
+
+	/**
+	 * Returns any contacts that are connected via the given transport.
+	 */
+	Collection<ContactId> getConnectedContacts(TransportId t);
+
+	/**
+	 * Returns any contacts that are connected via the given transport or any
+	 * {@link PluginConfig#getTransportPreferences() better} transport.
+	 */
+	Collection<ContactId> getConnectedOrBetterContacts(TransportId t);
+
+	/**
+	 * Returns true if the given contact is connected via the given transport.
+	 */
+	boolean isConnected(ContactId c, TransportId t);
+
+	/**
+	 * Returns true if the given contact is connected via any transport.
+	 */
+	boolean isConnected(ContactId c);
+
+	/**
+	 * Registers a connection with the given pending contact. Broadcasts
+	 * {@link RendezvousConnectionOpenedEvent} if this is the only connection
+	 * with the pending contact.
+	 *
+	 * @return True if this is the only connection with the pending contact,
+	 * false if it is redundant and should be closed
+	 */
+	boolean registerConnection(PendingContactId p);
+
+	/**
+	 * Unregisters a connection with the given pending contact. Broadcasts
+	 * {@link RendezvousConnectionClosedEvent}.
+	 */
+	void unregisterConnection(PendingContactId p, boolean success);
+}

bramble-api/src/main/java/org/briarproject/bramble/api/connection/InterruptibleConnection.java

@@ -0,0 +1,19 @@
+package org.briarproject.bramble.api.connection;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+/**
+ * A duplex sync connection that can be closed by interrupting its outgoing
+ * sync session.
+ */
+@NotNullByDefault
+public interface InterruptibleConnection {
+
+	/**
+	 * Interrupts the connection's outgoing sync session. If the underlying
+	 * transport connection is alive and the remote peer is cooperative, this
+	 * should result in both sync sessions ending and the connection being
+	 * cleanly closed.
+	 */
+	void interruptOutgoingSession();
+}

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java

@@ -132,17 +132,33 @@ public interface CryptoComponent {
 	 * storage. The encryption and authentication keys are derived from the
 	 * given password. The ciphertext will be decryptable using the same
 	 * password after the app restarts.
+	 *
+	 * @param keyStrengthener Used to strengthen the password-based key. If
+	 * null, the password-based key will not be strengthened
 	 */
-	byte[] encryptWithPassword(byte[] plaintext, String password);
+	byte[] encryptWithPassword(byte[] plaintext, String password,
+			@Nullable KeyStrengthener keyStrengthener);
 
 	/**
 	 * Decrypts and authenticates the given ciphertext that has been read from
 	 * storage. The encryption and authentication keys are derived from the
-	 * given password. Returns null if the ciphertext cannot be decrypted and
+	 * given password.
+	 *
+	 * @param keyStrengthener Used to strengthen the password-based key. If
+	 * null, or if strengthening was not used when encrypting the ciphertext,
+	 * the password-based key will not be strengthened
+	 * @throws DecryptionException If the ciphertext cannot be decrypted and
 	 * authenticated (for example, if the password is wrong).
 	 */
-	@Nullable
+	byte[] decryptWithPassword(byte[] ciphertext, String password,
-	byte[] decryptWithPassword(byte[] ciphertext, String password);
+			@Nullable KeyStrengthener keyStrengthener)
+			throws DecryptionException;
+
+	/**
+	 * Returns true if the given ciphertext was encrypted using a strengthened
+	 * key. The validity of the ciphertext is not checked.
+	 */
+	boolean isEncryptedWithStrengthenedKey(byte[] ciphertext);
 
 	/**
 	 * Encrypts the given plaintext to the given public key.

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/DecryptionException.java

@@ -0,0 +1,17 @@
+package org.briarproject.bramble.api.crypto;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+@NotNullByDefault
+public class DecryptionException extends Exception {
+
+	private final DecryptionResult result;
+
+	public DecryptionException(DecryptionResult result) {
+		this.result = result;
+	}
+
+	public DecryptionResult getDecryptionResult() {
+		return result;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/DecryptionResult.java

@@ -0,0 +1,29 @@
+package org.briarproject.bramble.api.crypto;
+
+/**
+ * The result of a password-based decryption operation.
+ */
+public enum DecryptionResult {
+
+	/**
+	 * Decryption succeeded.
+	 */
+	SUCCESS,
+
+	/**
+	 * Decryption failed because the format of the ciphertext was invalid.
+	 */
+	INVALID_CIPHERTEXT,
+
+	/**
+	 * Decryption failed because the {@link KeyStrengthener} used for
+	 * encryption was not available for decryption.
+	 */
+	KEY_STRENGTHENER_ERROR,
+
+	/**
+	 * Decryption failed because the password used for decryption did not match
+	 * the password used for encryption.
+	 */
+	INVALID_PASSWORD
+}

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/KeyStrengthener.java

@@ -0,0 +1,23 @@
+package org.briarproject.bramble.api.crypto;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+/**
+ * Interface for strengthening a password-based key, for example by using a
+ * key stored in a key management service or hardware security module.
+ */
+@NotNullByDefault
+public interface KeyStrengthener {
+
+	/**
+	 * Returns true if the strengthener has been initialised.
+	 */
+	@SuppressWarnings("BooleanMethodIsAlwaysInverted")
+	boolean isInitialised();
+
+	/**
+	 * Initialises the strengthener if necessary and returns a strong key
+	 * derived from the given key.
+	 */
+	SecretKey strengthenKey(SecretKey k);
+}

bramble-api/src/main/java/org/briarproject/bramble/api/db/DatabaseConfig.java

@@ -1,13 +1,29 @@
 package org.briarproject.bramble.api.db;
 
+import org.briarproject.bramble.api.crypto.KeyStrengthener;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 
 import java.io.File;
 
+import javax.annotation.Nullable;
+
 @NotNullByDefault
 public interface DatabaseConfig {
 
+	/**
+	 * Returns the directory where the database stores its data.
+	 */
 	File getDatabaseDirectory();
 
+	/**
+	 * Returns the directory where the encrypted database key is stored.
+	 */
 	File getDatabaseKeyDirectory();
+
+	/**
+	 * Returns a {@link KeyStrengthener} for strengthening the encryption of
+	 * the database key, or null if no strengthener should be used.
+	 */
+	@Nullable
+	KeyStrengthener getKeyStrengthener();
 }

bramble-api/src/main/java/org/briarproject/bramble/api/event/EventBus.java

@@ -18,6 +18,8 @@ public interface EventBus {
 	/**
 	 * Asynchronously notifies all listeners of an event. Listeners are
 	 * notified on the {@link EventExecutor}.
+	 * <p>
+	 * This method can safely be called while holding a lock.
 	 */
 	void broadcast(Event e);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/io/TimeoutMonitor.java

@@ -0,0 +1,15 @@
+package org.briarproject.bramble.api.io;
+
+import java.io.InputStream;
+
+public interface TimeoutMonitor {
+
+	/**
+	 * Returns an {@link InputStream} that wraps the given stream and allows
+	 * read timeouts to be detected.
+	 *
+	 * @param timeoutMs The read timeout in milliseconds. Timeouts will be
+	 * detected eventually but are not guaranteed to be detected immediately.
+	 */
+	InputStream createTimeoutInputStream(InputStream in, long timeoutMs);
+}

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/BluetoothConstants.java

@@ -8,6 +8,4 @@ public interface BluetoothConstants {
 
 	String PROP_ADDRESS = "address";
 	String PROP_UUID = "uuid";
-
-	String PREF_BT_ENABLE = "enable";
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/ConnectionRegistry.java

@@ -1,67 +0,0 @@
-package org.briarproject.bramble.api.plugin;
-
-import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.contact.PendingContactId;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.event.ConnectionClosedEvent;
-import org.briarproject.bramble.api.plugin.event.ConnectionOpenedEvent;
-import org.briarproject.bramble.api.plugin.event.ContactConnectedEvent;
-import org.briarproject.bramble.api.plugin.event.ContactDisconnectedEvent;
-import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionClosedEvent;
-import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionOpenedEvent;
-
-import java.util.Collection;
-
-/**
- * Keeps track of which contacts are currently connected by which transports.
- */
-@NotNullByDefault
-public interface ConnectionRegistry {
-
-	/**
-	 * Registers a connection with the given contact over the given transport.
-	 * Broadcasts {@link ConnectionOpenedEvent}. Also broadcasts
-	 * {@link ContactConnectedEvent} if this is the only connection with the
-	 * contact.
-	 */
-	void registerConnection(ContactId c, TransportId t, boolean incoming);
-
-	/**
-	 * Unregisters a connection with the given contact over the given transport.
-	 * Broadcasts {@link ConnectionClosedEvent}. Also broadcasts
-	 * {@link ContactDisconnectedEvent} if this is the only connection with
-	 * the contact.
-	 */
-	void unregisterConnection(ContactId c, TransportId t, boolean incoming);
-
-	/**
-	 * Returns any contacts that are connected via the given transport.
-	 */
-	Collection<ContactId> getConnectedContacts(TransportId t);
-
-	/**
-	 * Returns true if the given contact is connected via the given transport.
-	 */
-	boolean isConnected(ContactId c, TransportId t);
-
-	/**
-	 * Returns true if the given contact is connected via any transport.
-	 */
-	boolean isConnected(ContactId c);
-
-	/**
-	 * Registers a connection with the given pending contact. Broadcasts
-	 * {@link RendezvousConnectionOpenedEvent} if this is the only connection
-	 * with the pending contact.
-	 *
-	 * @return True if this is the only connection with the pending contact,
-	 * false if it is redundant and should be closed
-	 */
-	boolean registerConnection(PendingContactId p);
-
-	/**
-	 * Unregisters a connection with the given pending contact. Broadcasts
-	 * {@link RendezvousConnectionClosedEvent}.
-	 */
-	void unregisterConnection(PendingContactId p, boolean success);
-}

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/LanTcpConstants.java

@@ -4,10 +4,12 @@ public interface LanTcpConstants {
 
 	TransportId ID = new TransportId("org.briarproject.bramble.lan");
 
-	// a transport property (shared with contacts)
+	// Transport properties (shared with contacts)
 	String PROP_IP_PORTS = "ipPorts";
+	String PROP_PORT = "port";
+	String PROP_IPV6 = "ipv6";
 
-	// a local setting
+	// Local settings (not shared with contacts)
 	String PREF_LAN_IP_PORTS = "ipPorts";
-
+	String PREF_IPV6 = "ipv6";
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/Plugin.java

@@ -3,12 +3,55 @@ package org.briarproject.bramble.api.plugin;
 import org.briarproject.bramble.api.Pair;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.properties.TransportProperties;
+import org.briarproject.bramble.api.settings.SettingsManager;
 
 import java.util.Collection;
 
 @NotNullByDefault
 public interface Plugin {
 
+	enum State {
+
+		/**
+		 * The plugin has not finished starting or has been stopped.
+		 */
+		STARTING_STOPPING,
+
+		/**
+		 * The plugin is disabled by settings. Use {@link #getReasonsDisabled()}
+		 * to find out which settings are responsible.
+		 */
+		DISABLED,
+
+		/**
+		 * The plugin is being enabled and can't yet make or receive
+		 * connections.
+		 */
+		ENABLING,
+
+		/**
+		 * The plugin is enabled and can make or receive connections.
+		 */
+		ACTIVE,
+
+		/**
+		 * The plugin is enabled but can't make or receive connections
+		 */
+		INACTIVE
+	}
+
+	/**
+	 * The string for the boolean preference
+	 * to use with the {@link SettingsManager} to enable or disable the plugin.
+	 */
+	String PREF_PLUGIN_ENABLE = "enable";
+
+	/**
+	 * Reason flag returned by {@link #getReasonsDisabled()} to indicate that
+	 * the plugin has been disabled by the user.
+	 */
+	int REASON_USER = 1;
+
 	/**
 	 * Returns the plugin's transport identifier.
 	 */
@@ -35,9 +78,18 @@ public interface Plugin {
 	void stop() throws PluginException;
 
 	/**
-	 * Returns true if the plugin is running.
+	 * Returns the current state of the plugin.
 	 */
-	boolean isRunning();
+	State getState();
+
+	/**
+	 * Returns a set of flags indicating why the plugin is
+	 * {@link State#DISABLED disabled}, or 0 if the plugin is not disabled.
+	 * <p>
+	 * The flags used are plugin-specific, except the generic flag
+	 * {@link #REASON_USER}, which may be used by any plugin.
+	 */
+	int getReasonsDisabled();
 
 	/**
 	 * Returns true if the plugin should be polled periodically to attempt to

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/PluginCallback.java

@@ -1,6 +1,10 @@
 package org.briarproject.bramble.api.plugin;
 
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.Plugin.State;
+import org.briarproject.bramble.api.plugin.event.TransportActiveEvent;
+import org.briarproject.bramble.api.plugin.event.TransportInactiveEvent;
+import org.briarproject.bramble.api.plugin.event.TransportStateEvent;
 import org.briarproject.bramble.api.properties.TransportProperties;
 import org.briarproject.bramble.api.settings.Settings;
 
@@ -32,12 +36,17 @@ public interface PluginCallback extends ConnectionHandler {
 	void mergeLocalProperties(TransportProperties p);
 
 	/**
-	 * Signals that the transport is enabled.
+	 * Informs the callback of the plugin's current state.
+	 * <p>
+	 * If the current state is different from the previous state, the callback
+	 * will broadcast a {@link TransportStateEvent}. If the current state is
+	 * {@link State#ACTIVE} and the previous state was not
+	 * {@link State#ACTIVE}, the callback will broadcast a
+	 * {@link TransportActiveEvent}. If the current state is not
+	 * {@link State#ACTIVE} and the previous state was {@link State#ACTIVE},
+	 * the callback will broadcast a {@link TransportInactiveEvent}.
+	 * <p>
+	 * This method can safely be called while holding a lock.
 	 */
-	void transportEnabled();
+	void pluginStateChanged(State state);
-
-	/**
-	 * Signals that the transport is disabled.
-	 */
-	void transportDisabled();
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/PluginConfig.java

@@ -5,6 +5,8 @@ import org.briarproject.bramble.api.plugin.duplex.DuplexPluginFactory;
 import org.briarproject.bramble.api.plugin.simplex.SimplexPluginFactory;
 
 import java.util.Collection;
+import java.util.List;
+import java.util.Map;
 
 @NotNullByDefault
 public interface PluginConfig {
@@ -14,4 +16,11 @@ public interface PluginConfig {
 	Collection<SimplexPluginFactory> getSimplexFactories();
 
 	boolean shouldPoll();
+
+	/**
+	 * Returns a map representing transport preferences. For each entry in the
+	 * map, connections via the transports identified by the value are
+	 * preferred to connections via the transport identified by the key.
+	 */
+	Map<TransportId, List<TransportId>> getTransportPreferences();
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/PluginManager.java

@@ -41,4 +41,17 @@ public interface PluginManager {
 	 * Returns any duplex plugins that support rendezvous.
 	 */
 	Collection<DuplexPlugin> getRendezvousPlugins();
+
+	/**
+	 * Enables or disables the plugin
+	 * identified by the given {@link TransportId}.
+	 * <p>
+	 * Note that this applies the change asynchronously
+	 * and there are no order guarantees.
+	 * <p>
+	 * If no plugin with the given {@link TransportId} is registered,
+	 * this is a no-op.
+	 */
+	void setPluginEnabled(TransportId t, boolean enabled);
+
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/TorConstants.java

@@ -21,6 +21,21 @@ public interface TorConstants {
 	int PREF_TOR_NETWORK_AUTOMATIC = 0;
 	int PREF_TOR_NETWORK_WITHOUT_BRIDGES = 1;
 	int PREF_TOR_NETWORK_WITH_BRIDGES = 2;
+	// TODO: Remove when settings migration code is removed
 	int PREF_TOR_NETWORK_NEVER = 3;
 
+	/**
+	 * Reason flag returned by {@link Plugin#getReasonsDisabled()}.
+	 */
+	int REASON_BATTERY = 2;
+
+	/**
+	 * Reason flag returned by {@link Plugin#getReasonsDisabled()}.
+	 */
+	int REASON_MOBILE_DATA = 4;
+
+	/**
+	 * Reason flag returned by {@link Plugin#getReasonsDisabled()}.
+	 */
+	int REASON_COUNTRY_BLOCKED = 8;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/duplex/AbstractDuplexTransportConnection.java

@@ -4,6 +4,7 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Plugin;
 import org.briarproject.bramble.api.plugin.TransportConnectionReader;
 import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.properties.TransportProperties;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -14,6 +15,8 @@ import java.util.concurrent.atomic.AtomicBoolean;
 public abstract class AbstractDuplexTransportConnection
 		implements DuplexTransportConnection {
 
+	protected final TransportProperties remote = new TransportProperties();
+
 	private final Plugin plugin;
 	private final Reader reader;
 	private final Writer writer;
@@ -44,6 +47,11 @@ public abstract class AbstractDuplexTransportConnection
 		return writer;
 	}
 
+	@Override
+	public TransportProperties getRemoteProperties() {
+		return remote;
+	}
+
 	private class Reader implements TransportConnectionReader {
 
 		@Override

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/duplex/DuplexTransportConnection.java

@@ -3,6 +3,7 @@ package org.briarproject.bramble.api.plugin.duplex;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.TransportConnectionReader;
 import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.properties.TransportProperties;
 
 /**
  * An interface for reading and writing data over a duplex transport. The
@@ -23,4 +24,10 @@ public interface DuplexTransportConnection {
 	 * for writing to the connection.
 	 */
 	TransportConnectionWriter getWriter();
+
+	/**
+	 * Returns a possibly empty set of {@link TransportProperties} describing
+	 * the remote peer.
+	 */
+	TransportProperties getRemoteProperties();
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/ConnectionClosedEvent.java

@@ -13,13 +13,14 @@ public class ConnectionClosedEvent extends Event {
 
 	private final ContactId contactId;
 	private final TransportId transportId;
-	private final boolean incoming;
+	private final boolean incoming, exception;
 
 	public ConnectionClosedEvent(ContactId contactId, TransportId transportId,
-			boolean incoming) {
+			boolean incoming, boolean exception) {
 		this.contactId = contactId;
 		this.transportId = transportId;
 		this.incoming = incoming;
+		this.exception = exception;
 	}
 
 	public ContactId getContactId() {
@@ -33,4 +34,8 @@ public class ConnectionClosedEvent extends Event {
 	public boolean isIncoming() {
 		return incoming;
 	}
+
+	public boolean isException() {
+		return exception;
+	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/TransportActiveEvent.java

@@ -2,20 +2,22 @@ package org.briarproject.bramble.api.plugin.event;
 
 import org.briarproject.bramble.api.event.Event;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.Plugin.State;
 import org.briarproject.bramble.api.plugin.TransportId;
 
 import javax.annotation.concurrent.Immutable;
 
 /**
- * An event that is broadcast when a transport is disabled.
+ * An event that is broadcast when a plugin enters the {@link State#ACTIVE}
+ * state.
  */
 @Immutable
 @NotNullByDefault
-public class TransportDisabledEvent extends Event {
+public class TransportActiveEvent extends Event {
 
 	private final TransportId transportId;
 
-	public TransportDisabledEvent(TransportId transportId) {
+	public TransportActiveEvent(TransportId transportId) {
 		this.transportId = transportId;
 	}
 

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/TransportInactiveEvent.java

@@ -2,20 +2,22 @@ package org.briarproject.bramble.api.plugin.event;
 
 import org.briarproject.bramble.api.event.Event;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.Plugin.State;
 import org.briarproject.bramble.api.plugin.TransportId;
 
 import javax.annotation.concurrent.Immutable;
 
 /**
- * An event that is broadcast when a transport is enabled.
+ * An event that is broadcast when a plugin leaves the {@link State#ACTIVE}
+ * state.
  */
 @Immutable
 @NotNullByDefault
-public class TransportEnabledEvent extends Event {
+public class TransportInactiveEvent extends Event {
 
 	private final TransportId transportId;
 
-	public TransportEnabledEvent(TransportId transportId) {
+	public TransportInactiveEvent(TransportId transportId) {
 		this.transportId = transportId;
 	}
 

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/TransportStateEvent.java

@@ -0,0 +1,32 @@
+package org.briarproject.bramble.api.plugin.event;
+
+import org.briarproject.bramble.api.event.Event;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.Plugin.State;
+import org.briarproject.bramble.api.plugin.TransportId;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * An event that is broadcast when the {@link State state} of a plugin changes.
+ */
+@Immutable
+@NotNullByDefault
+public class TransportStateEvent extends Event {
+
+	private final TransportId transportId;
+	private final State state;
+
+	public TransportStateEvent(TransportId transportId, State state) {
+		this.transportId = transportId;
+		this.state = state;
+	}
+
+	public TransportId getTransportId() {
+		return transportId;
+	}
+
+	public State getState() {
+		return state;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/properties/TransportPropertyConstants.java

@@ -11,4 +11,28 @@ public interface TransportPropertyConstants {
 	 * The maximum length of a property's key or value in UTF-8 bytes.
 	 */
 	int MAX_PROPERTY_LENGTH = 100;
+
+	/**
+	 * Message metadata key for the transport ID of a local or remote update,
+	 * as a BDF string.
+	 */
+	String MSG_KEY_TRANSPORT_ID = "transportId";
+
+	/**
+	 * Message metadata key for the version number of a local or remote update,
+	 * as a BDF long.
+	 */
+	String MSG_KEY_VERSION = "version";
+
+	/**
+	 * Message metadata key for whether an update is local or remote, as a BDF
+	 * boolean.
+	 */
+	String MSG_KEY_LOCAL = "local";
+
+	/**
+	 * Group metadata key for any discovered transport properties of the
+	 * contact, as a BDF dictionary.
+	 */
+	String GROUP_KEY_DISCOVERED = "discovered";
 }

bramble-api/src/main/java/org/briarproject/bramble/api/properties/TransportPropertyManager.java

@@ -34,6 +34,14 @@ public interface TransportPropertyManager {
 	void addRemoteProperties(Transaction txn, ContactId c,
 			Map<TransportId, TransportProperties> props) throws DbException;
 
+	/**
+	 * Stores the given properties discovered from an incoming transport
+	 * connection. They will be overridden by any properties received while
+	 * adding the contact or synced from the contact.
+	 */
+	void addRemotePropertiesFromConnection(ContactId c, TransportId t,
+			TransportProperties props) throws DbException;
+
 	/**
 	 * Returns the local transport properties for all transports.
 	 */

bramble-api/src/main/java/org/briarproject/bramble/api/sync/Priority.java

@@ -0,0 +1,23 @@
+package org.briarproject.bramble.api.sync;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * A record containing a nonce for choosing between redundant sessions.
+ */
+@Immutable
+@NotNullByDefault
+public class Priority {
+
+	private final byte[] nonce;
+
+	public Priority(byte[] nonce) {
+		this.nonce = nonce;
+	}
+
+	public byte[] getNonce() {
+		return nonce;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/sync/PriorityHandler.java

@@ -0,0 +1,13 @@
+package org.briarproject.bramble.api.sync;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+/**
+ * An interface for handling a {@link Priority} record received by an
+ * incoming {@link SyncSession}.
+ */
+@NotNullByDefault
+public interface PriorityHandler {
+
+	void handle(Priority p);
+}

bramble-api/src/main/java/org/briarproject/bramble/api/sync/RecordTypes.java

@@ -10,4 +10,5 @@ public interface RecordTypes {
 	byte OFFER = 2;
 	byte REQUEST = 3;
 	byte VERSIONS = 4;
+	byte PRIORITY = 5;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncConstants.java

@@ -49,4 +49,10 @@ public interface SyncConstants {
 	 * simultaneously.
 	 */
 	int MAX_SUPPORTED_VERSIONS = 10;
+
+	/**
+	 * The length of the priority nonce used for choosing between redundant
+	 * connections.
+	 */
+	int PRIORITY_NONCE_BYTES = 16;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncRecordReader.java

@@ -28,4 +28,8 @@ public interface SyncRecordReader {
 	boolean hasVersions() throws IOException;
 
 	Versions readVersions() throws IOException;
+
+	boolean hasPriority() throws IOException;
+
+	Priority readPriority() throws IOException;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncRecordWriter.java

@@ -17,5 +17,7 @@ public interface SyncRecordWriter {
 
 	void writeVersions(Versions v) throws IOException;
 
+	void writePriority(Priority p) throws IOException;
+
 	void flush() throws IOException;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncSessionFactory.java

@@ -2,18 +2,23 @@ package org.briarproject.bramble.api.sync;
 
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.transport.StreamWriter;
 
 import java.io.InputStream;
 
+import javax.annotation.Nullable;
+
 @NotNullByDefault
 public interface SyncSessionFactory {
 
-	SyncSession createIncomingSession(ContactId c, InputStream in);
+	SyncSession createIncomingSession(ContactId c, InputStream in,
+			PriorityHandler handler);
 
-	SyncSession createSimplexOutgoingSession(ContactId c, int maxLatency,
+	SyncSession createSimplexOutgoingSession(ContactId c, TransportId t,
-			StreamWriter streamWriter);
+			int maxLatency, StreamWriter streamWriter);
 
-	SyncSession createDuplexOutgoingSession(ContactId c, int maxLatency,
+	SyncSession createDuplexOutgoingSession(ContactId c, TransportId t,
-			int maxIdleTime, StreamWriter streamWriter);
+			int maxLatency, int maxIdleTime, StreamWriter streamWriter,
+			@Nullable Priority priority);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/event/CloseSyncConnectionsEvent.java

@@ -0,0 +1,26 @@
+package org.briarproject.bramble.api.sync.event;
+
+import org.briarproject.bramble.api.event.Event;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * An event that is broadcast when all sync connections using a given
+ * transport should be closed.
+ */
+@Immutable
+@NotNullByDefault
+public class CloseSyncConnectionsEvent extends Event {
+
+	private final TransportId transportId;
+
+	public CloseSyncConnectionsEvent(TransportId transportId) {
+		this.transportId = transportId;
+	}
+
+	public TransportId getTransportId() {
+		return transportId;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/versioning/ClientVersion.java

@@ -0,0 +1,63 @@
+package org.briarproject.bramble.api.versioning;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.sync.ClientId;
+
+import javax.annotation.concurrent.Immutable;
+
+@Immutable
+@NotNullByDefault
+public class ClientVersion implements Comparable<ClientVersion> {
+
+	private final ClientMajorVersion majorVersion;
+	private final int minorVersion;
+
+	public ClientVersion(ClientMajorVersion majorVersion,
+			int minorVersion) {
+		this.majorVersion = majorVersion;
+		this.minorVersion = minorVersion;
+	}
+
+	public ClientVersion(ClientId clientId, int majorVersion,
+			int minorVersion) {
+		this(new ClientMajorVersion(clientId, majorVersion), minorVersion);
+	}
+
+	public ClientMajorVersion getClientMajorVersion() {
+		return majorVersion;
+	}
+
+	public ClientId getClientId() {
+		return majorVersion.getClientId();
+	}
+
+	public int getMajorVersion() {
+		return majorVersion.getMajorVersion();
+	}
+
+	public int getMinorVersion() {
+		return minorVersion;
+	}
+
+	@Override
+	public boolean equals(Object o) {
+		if (o instanceof ClientVersion) {
+			ClientVersion cv = (ClientVersion) o;
+			return majorVersion.equals(cv.majorVersion)
+					&& minorVersion == cv.minorVersion;
+		}
+		return false;
+	}
+
+	@Override
+	public int hashCode() {
+		return majorVersion.hashCode();
+	}
+
+	@Override
+	public int compareTo(ClientVersion cv) {
+		int compare = majorVersion.compareTo(cv.majorVersion);
+		if (compare != 0) return compare;
+		return minorVersion - cv.minorVersion;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/versioning/event/ClientVersionUpdatedEvent.java

@@ -0,0 +1,34 @@
+package org.briarproject.bramble.api.versioning.event;
+
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.event.Event;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.versioning.ClientVersion;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * An event that is broadcast when we receive a client versioning update from
+ * a contact.
+ */
+@Immutable
+@NotNullByDefault
+public class ClientVersionUpdatedEvent extends Event {
+
+	private final ContactId contactId;
+	private final ClientVersion clientVersion;
+
+	public ClientVersionUpdatedEvent(ContactId contactId,
+			ClientVersion clientVersion) {
+		this.contactId = contactId;
+		this.clientVersion = clientVersion;
+	}
+
+	public ContactId getContactId() {
+		return contactId;
+	}
+
+	public ClientVersion getClientVersion() {
+		return clientVersion;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/util/IoUtils.java

@@ -117,4 +117,10 @@ public class IoUtils {
 			throw new IOException(e);
 		}
 	}
+
+	public static boolean isNonEmptyDirectory(File f) {
+		if (!f.isDirectory()) return false;
+		File[] children = f.listFiles();
+		return children != null && children.length > 0;
+	}
 }

bramble-api/src/main/java/org/briarproject/bramble/util/PrivacyUtils.java

@@ -2,13 +2,17 @@ package org.briarproject.bramble.util;
 
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 
-import java.net.Inet6Address;
+import java.net.Inet4Address;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 
 import javax.annotation.Nullable;
 
+import static org.briarproject.bramble.util.StringUtils.isNullOrEmpty;
+import static org.briarproject.bramble.util.StringUtils.isValidMac;
+import static org.briarproject.bramble.util.StringUtils.toHexString;
+
 @NotNullByDefault
 public class PrivacyUtils {
 
@@ -19,7 +23,7 @@ public class PrivacyUtils {
 
 	@Nullable
 	public static String scrubMacAddress(@Nullable String address) {
-		if (address == null || address.length() == 0) return null;
+		if (isNullOrEmpty(address) || !isValidMac(address)) return address;
 		// this is a fake address we need to know about
 		if (address.equals("02:00:00:00:00:00")) return address;
 		// keep first and last octet of MAC address
@@ -27,39 +31,37 @@ public class PrivacyUtils {
 				+ address.substring(14, 17);
 	}
 
-	@Nullable
 	public static String scrubInetAddress(InetAddress address) {
-		// don't scrub link and site local addresses
+		if (address instanceof Inet4Address) {
-		if (address.isLinkLocalAddress() || address.isSiteLocalAddress())
+			// Don't scrub local IPv4 addresses
-			return address.toString();
+			if (address.isLoopbackAddress() || address.isLinkLocalAddress() ||
-		// completely scrub IPv6 addresses
+					address.isSiteLocalAddress()) {
-		if (address instanceof Inet6Address) return "[scrubbed]";
+				return address.getHostAddress();
-		// keep first and last octet of IPv4 addresses
+			}
-		return scrubInetAddress(address.toString());
+			// Keep first and last octet of non-local IPv4 addresses
+			return scrubIpv4Address(address.getAddress());
+		} else {
+			// Keep first and last octet of IPv6 addresses
+			return scrubIpv6Address(address.getAddress());
+		}
 	}
 
-	@Nullable
+	private static String scrubIpv4Address(byte[] ipv4) {
-	public static String scrubInetAddress(@Nullable String address) {
+		return (ipv4[0] & 0xFF) + ".[scrubbed]." + (ipv4[3] & 0xFF);
-		if (address == null) return null;
+	}
-
+
-		int firstDot = address.indexOf(".");
+	private static String scrubIpv6Address(byte[] ipv6) {
-		if (firstDot == -1) return "[scrubbed]";
+		String hex = toHexString(ipv6).toLowerCase();
-		String prefix = address.substring(0, firstDot + 1);
+		return hex.substring(0, 2) + "[scrubbed]" + hex.substring(30);
-		int lastDot = address.lastIndexOf(".");
-		String suffix = address.substring(lastDot, address.length());
-		return prefix + "[scrubbed]" + suffix;
 	}
 
-	@Nullable
 	public static String scrubSocketAddress(InetSocketAddress address) {
-		InetAddress inetAddress = address.getAddress();
+		return scrubInetAddress(address.getAddress());
-		return scrubInetAddress(inetAddress);
 	}
 
-	@Nullable
 	public static String scrubSocketAddress(SocketAddress address) {
 		if (address instanceof InetSocketAddress)
 			return scrubSocketAddress((InetSocketAddress) address);
-		return scrubInetAddress(address.toString());
+		return "[scrubbed]";
 	}
 }

bramble-api/witness.gradle

@@ -2,7 +2,7 @@ dependencyVerification {
     verify = [
         'cglib:cglib:3.2.0:cglib-3.2.0.jar:adb13bab79712ad6bdf1bd59f2a3918018a8016e722e8a357065afb9e6690861',
         'com.google.code.findbugs:jsr305:3.0.2:jsr305-3.0.2.jar:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7',
-        'com.google.dagger:dagger:2.22.1:dagger-2.22.1.jar:329d4340f24c4f5717af016c097e90668bfea2a5376e6aa9964b01cef3fd241a',
+        'com.google.dagger:dagger:2.24:dagger-2.24.jar:550a6e46a6dfcdf1d764887b6090cea94f783327e50e5c73754f18facfc70b64',
         'javax.inject:javax.inject:1:javax.inject-1.jar:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff',
         'junit:junit:4.12:junit-4.12.jar:59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a',
         'org.apache.ant:ant-launcher:1.9.4:ant-launcher-1.9.4.jar:7bccea20b41801ca17bcbc909a78c835d0f443f12d639c77bd6ae3d05861608d',

bramble-core/build.gradle

@@ -17,7 +17,7 @@ dependencies {
 	implementation 'org.whispersystems:curve25519-java:0.5.0'
 	implementation 'org.briarproject:jtorctl:0.3'
 
-	annotationProcessor 'com.google.dagger:dagger-compiler:2.22.1'
+	annotationProcessor 'com.google.dagger:dagger-compiler:2.24'
 
 	testImplementation project(path: ':bramble-api', configuration: 'testOutput')
 	testImplementation 'org.hsqldb:hsqldb:2.3.5' // The last version that supports Java 1.6
@@ -26,7 +26,7 @@ dependencies {
 	testImplementation "org.jmock:jmock-junit4:2.8.2"
 	testImplementation "org.jmock:jmock-legacy:2.8.2"
 
-	testAnnotationProcessor 'com.google.dagger:dagger-compiler:2.22.1'
+	testAnnotationProcessor 'com.google.dagger:dagger-compiler:2.24'
 
 	signature 'org.codehaus.mojo.signature:java16:1.1@signature'
 }

bramble-core/src/main/java/org/briarproject/bramble/BrambleCoreEagerSingletons.java

@@ -39,18 +39,21 @@ public interface BrambleCoreEagerSingletons {
 
 	void inject(VersioningModule.EagerSingletons init);
 
-	default void injectBrambleCoreEagerSingletons() {
+	class Helper {
-		inject(new ContactModule.EagerSingletons());
+
-		inject(new CryptoExecutorModule.EagerSingletons());
+		public static void injectEagerSingletons(BrambleCoreEagerSingletons c) {
-		inject(new DatabaseExecutorModule.EagerSingletons());
+			c.inject(new ContactModule.EagerSingletons());
-		inject(new IdentityModule.EagerSingletons());
+			c.inject(new CryptoExecutorModule.EagerSingletons());
-		inject(new LifecycleModule.EagerSingletons());
+			c.inject(new DatabaseExecutorModule.EagerSingletons());
-		inject(new RendezvousModule.EagerSingletons());
+			c.inject(new IdentityModule.EagerSingletons());
-		inject(new PluginModule.EagerSingletons());
+			c.inject(new LifecycleModule.EagerSingletons());
-		inject(new PropertiesModule.EagerSingletons());
+			c.inject(new RendezvousModule.EagerSingletons());
-		inject(new SystemModule.EagerSingletons());
+			c.inject(new PluginModule.EagerSingletons());
-		inject(new TransportModule.EagerSingletons());
+			c.inject(new PropertiesModule.EagerSingletons());
-		inject(new ValidationModule.EagerSingletons());
+			c.inject(new SystemModule.EagerSingletons());
-		inject(new VersioningModule.EagerSingletons());
+			c.inject(new TransportModule.EagerSingletons());
+			c.inject(new ValidationModule.EagerSingletons());
+			c.inject(new VersioningModule.EagerSingletons());
+		}
 	}
 }

bramble-core/src/main/java/org/briarproject/bramble/BrambleCoreModule.java

@@ -1,6 +1,7 @@
 package org.briarproject.bramble;
 
 import org.briarproject.bramble.client.ClientModule;
+import org.briarproject.bramble.connection.ConnectionModule;
 import org.briarproject.bramble.contact.ContactModule;
 import org.briarproject.bramble.crypto.CryptoExecutorModule;
 import org.briarproject.bramble.crypto.CryptoModule;
@@ -9,6 +10,7 @@ import org.briarproject.bramble.db.DatabaseExecutorModule;
 import org.briarproject.bramble.db.DatabaseModule;
 import org.briarproject.bramble.event.EventModule;
 import org.briarproject.bramble.identity.IdentityModule;
+import org.briarproject.bramble.io.IoModule;
 import org.briarproject.bramble.keyagreement.KeyAgreementModule;
 import org.briarproject.bramble.lifecycle.LifecycleModule;
 import org.briarproject.bramble.plugin.PluginModule;
@@ -27,6 +29,7 @@ import dagger.Module;
 
 @Module(includes = {
 		ClientModule.class,
+		ConnectionModule.class,
 		ContactModule.class,
 		CryptoModule.class,
 		CryptoExecutorModule.class,
@@ -35,6 +38,7 @@ import dagger.Module;
 		DatabaseExecutorModule.class,
 		EventModule.class,
 		IdentityModule.class,
+		IoModule.class,
 		KeyAgreementModule.class,
 		LifecycleModule.class,
 		PluginModule.class,
@@ -50,8 +54,4 @@ import dagger.Module;
 		VersioningModule.class
 })
 public class BrambleCoreModule {
-
-	public static void initEagerSingletons(BrambleCoreEagerSingletons c) {
-		c.injectBrambleCoreEagerSingletons();
-	}
 }

bramble-core/src/main/java/org/briarproject/bramble/account/AccountManagerImpl.java

@@ -2,6 +2,8 @@ package org.briarproject.bramble.account;
 
 import org.briarproject.bramble.api.account.AccountManager;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
+import org.briarproject.bramble.api.crypto.DecryptionException;
+import org.briarproject.bramble.api.crypto.KeyStrengthener;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.db.DatabaseConfig;
 import org.briarproject.bramble.api.identity.Identity;
@@ -16,12 +18,15 @@ import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStreamReader;
+import java.nio.charset.Charset;
 import java.util.logging.Logger;
 
 import javax.annotation.Nullable;
+import javax.annotation.concurrent.GuardedBy;
 import javax.inject.Inject;
 
 import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.api.crypto.DecryptionResult.INVALID_CIPHERTEXT;
 import static org.briarproject.bramble.util.LogUtils.logException;
 import static org.briarproject.bramble.util.StringUtils.fromHexString;
 import static org.briarproject.bramble.util.StringUtils.toHexString;
@@ -68,9 +73,10 @@ class AccountManagerImpl implements AccountManager {
 		return databaseKey;
 	}
 
-	// Locking: stateChangeLock
+	// Package access for testing
+	@GuardedBy("stateChangeLock")
 	@Nullable
-	protected String loadEncryptedDatabaseKey() {
+	String loadEncryptedDatabaseKey() {
 		String key = readDbKeyFromFile(dbKeyFile);
 		if (key == null) {
 			LOG.info("No database key in primary file");
@@ -83,7 +89,7 @@ class AccountManagerImpl implements AccountManager {
 		return key;
 	}
 
-	// Locking: stateChangeLock
+	@GuardedBy("stateChangeLock")
 	@Nullable
 	private String readDbKeyFromFile(File f) {
 		if (!f.exists()) {
@@ -92,7 +98,7 @@ class AccountManagerImpl implements AccountManager {
 		}
 		try {
 			BufferedReader reader = new BufferedReader(new InputStreamReader(
-					new FileInputStream(f), "UTF-8"));
+					new FileInputStream(f), Charset.forName("UTF-8")));
 			String key = reader.readLine();
 			reader.close();
 			return key;
@@ -102,8 +108,9 @@ class AccountManagerImpl implements AccountManager {
 		}
 	}
 
-	// Locking: stateChangeLock
+	// Package access for testing
-	protected boolean storeEncryptedDatabaseKey(String hex) {
+	@GuardedBy("stateChangeLock")
+	boolean storeEncryptedDatabaseKey(String hex) {
 		LOG.info("Storing database key in file");
 		// Create the directory if necessary
 		if (databaseConfig.getDatabaseKeyDirectory().mkdirs())
@@ -140,10 +147,10 @@ class AccountManagerImpl implements AccountManager {
 		}
 	}
 
-	// Locking: stateChangeLock
+	@GuardedBy("stateChangeLock")
 	private void writeDbKeyToFile(String key, File f) throws IOException {
 		FileOutputStream out = new FileOutputStream(f);
-		out.write(key.getBytes("UTF-8"));
+		out.write(key.getBytes(Charset.forName("UTF-8")));
 		out.flush();
 		out.close();
 	}
@@ -151,8 +158,7 @@ class AccountManagerImpl implements AccountManager {
 	@Override
 	public boolean accountExists() {
 		synchronized (stateChangeLock) {
-			return loadEncryptedDatabaseKey() != null
+			return loadEncryptedDatabaseKey() != null;
-					&& databaseConfig.getDatabaseDirectory().isDirectory();
 		}
 	}
 
@@ -170,10 +176,11 @@ class AccountManagerImpl implements AccountManager {
 		}
 	}
 
-	// Locking: stateChangeLock
+	@GuardedBy("stateChangeLock")
 	private boolean encryptAndStoreDatabaseKey(SecretKey key, String password) {
 		byte[] plaintext = key.getBytes();
-		byte[] ciphertext = crypto.encryptWithPassword(plaintext, password);
+		byte[] ciphertext = crypto.encryptWithPassword(plaintext, password,
+				databaseConfig.getKeyStrengthener());
 		return storeEncryptedDatabaseKey(toHexString(ciphertext));
 	}
 
@@ -188,37 +195,41 @@ class AccountManagerImpl implements AccountManager {
 	}
 
 	@Override
-	public boolean signIn(String password) {
+	public void signIn(String password) throws DecryptionException {
 		synchronized (stateChangeLock) {
-			SecretKey key = loadAndDecryptDatabaseKey(password);
+			databaseKey = loadAndDecryptDatabaseKey(password);
-			if (key == null) return false;
-			databaseKey = key;
-			return true;
 		}
 	}
 
-	// Locking: stateChangeLock
+	@GuardedBy("stateChangeLock")
-	@Nullable
+	private SecretKey loadAndDecryptDatabaseKey(String password)
-	private SecretKey loadAndDecryptDatabaseKey(String password) {
+			throws DecryptionException {
 		String hex = loadEncryptedDatabaseKey();
 		if (hex == null) {
 			LOG.warning("Failed to load encrypted database key");
-			return null;
+			throw new DecryptionException(INVALID_CIPHERTEXT);
 		}
 		byte[] ciphertext = fromHexString(hex);
-		byte[] plaintext = crypto.decryptWithPassword(ciphertext, password);
+		KeyStrengthener keyStrengthener = databaseConfig.getKeyStrengthener();
-		if (plaintext == null) {
+		byte[] plaintext = crypto.decryptWithPassword(ciphertext, password,
-			LOG.info("Failed to decrypt database key");
+				keyStrengthener);
-			return null;
+		SecretKey key = new SecretKey(plaintext);
+		// If the DB key was encrypted with a weak key and a key strengthener
+		// is now available, re-encrypt the DB key with a strengthened key
+		if (keyStrengthener != null &&
+				!crypto.isEncryptedWithStrengthenedKey(ciphertext)) {
+			LOG.info("Re-encrypting database key with strengthened key");
+			encryptAndStoreDatabaseKey(key, password);
 		}
-		return new SecretKey(plaintext);
+		return key;
 	}
 
 	@Override
-	public boolean changePassword(String oldPassword, String newPassword) {
+	public void changePassword(String oldPassword, String newPassword)
+			throws DecryptionException {
 		synchronized (stateChangeLock) {
 			SecretKey key = loadAndDecryptDatabaseKey(oldPassword);
-			return key != null && encryptAndStoreDatabaseKey(key, newPassword);
+			encryptAndStoreDatabaseKey(key, newPassword);
 		}
 	}
 }

bramble-core/src/main/java/org/briarproject/bramble/connection/Connection.java

@@ -0,0 +1,79 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportConnectionReader;
+import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.logging.Logger;
+
+import javax.annotation.Nullable;
+
+import static java.util.logging.Level.WARNING;
+import static java.util.logging.Logger.getLogger;
+import static org.briarproject.bramble.api.transport.TransportConstants.TAG_LENGTH;
+import static org.briarproject.bramble.util.IoUtils.read;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+abstract class Connection {
+
+	protected static final Logger LOG = getLogger(Connection.class.getName());
+
+	final KeyManager keyManager;
+	final ConnectionRegistry connectionRegistry;
+	final StreamReaderFactory streamReaderFactory;
+	final StreamWriterFactory streamWriterFactory;
+
+	Connection(KeyManager keyManager, ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory) {
+		this.keyManager = keyManager;
+		this.connectionRegistry = connectionRegistry;
+		this.streamReaderFactory = streamReaderFactory;
+		this.streamWriterFactory = streamWriterFactory;
+	}
+
+	@Nullable
+	StreamContext recogniseTag(TransportConnectionReader reader,
+			TransportId transportId) {
+		StreamContext ctx;
+		try {
+			byte[] tag = readTag(reader.getInputStream());
+			return keyManager.getStreamContext(transportId, tag);
+		} catch (IOException | DbException e) {
+			logException(LOG, WARNING, e);
+			return null;
+		}
+	}
+
+	private byte[] readTag(InputStream in) throws IOException {
+		byte[] tag = new byte[TAG_LENGTH];
+		read(in, tag);
+		return tag;
+	}
+
+	void disposeOnError(TransportConnectionReader reader, boolean recognised) {
+		try {
+			reader.dispose(true, recognised);
+		} catch (IOException e) {
+			logException(LOG, WARNING, e);
+		}
+	}
+
+	void disposeOnError(TransportConnectionWriter writer) {
+		try {
+			writer.dispose(true);
+		} catch (IOException e) {
+			logException(LOG, WARNING, e);
+		}
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/ConnectionManagerImpl.java

@@ -0,0 +1,114 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionManager;
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.ContactExchangeManager;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.contact.HandshakeManager;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.lifecycle.IoExecutor;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportConnectionReader;
+import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.properties.TransportPropertyManager;
+import org.briarproject.bramble.api.sync.SyncSessionFactory;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.security.SecureRandom;
+import java.util.concurrent.Executor;
+
+import javax.annotation.concurrent.Immutable;
+import javax.inject.Inject;
+
+@Immutable
+@NotNullByDefault
+class ConnectionManagerImpl implements ConnectionManager {
+
+	private final Executor ioExecutor;
+	private final KeyManager keyManager;
+	private final StreamReaderFactory streamReaderFactory;
+	private final StreamWriterFactory streamWriterFactory;
+	private final SyncSessionFactory syncSessionFactory;
+	private final HandshakeManager handshakeManager;
+	private final ContactExchangeManager contactExchangeManager;
+	private final ConnectionRegistry connectionRegistry;
+	private final TransportPropertyManager transportPropertyManager;
+	private final SecureRandom secureRandom;
+
+	@Inject
+	ConnectionManagerImpl(@IoExecutor Executor ioExecutor,
+			KeyManager keyManager, StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			SyncSessionFactory syncSessionFactory,
+			HandshakeManager handshakeManager,
+			ContactExchangeManager contactExchangeManager,
+			ConnectionRegistry connectionRegistry,
+			TransportPropertyManager transportPropertyManager,
+			SecureRandom secureRandom) {
+		this.ioExecutor = ioExecutor;
+		this.keyManager = keyManager;
+		this.streamReaderFactory = streamReaderFactory;
+		this.streamWriterFactory = streamWriterFactory;
+		this.syncSessionFactory = syncSessionFactory;
+		this.handshakeManager = handshakeManager;
+		this.contactExchangeManager = contactExchangeManager;
+		this.connectionRegistry = connectionRegistry;
+		this.transportPropertyManager = transportPropertyManager;
+		this.secureRandom = secureRandom;
+	}
+
+
+	@Override
+	public void manageIncomingConnection(TransportId t,
+			TransportConnectionReader r) {
+		ioExecutor.execute(new IncomingSimplexSyncConnection(keyManager,
+				connectionRegistry, streamReaderFactory, streamWriterFactory,
+				syncSessionFactory, transportPropertyManager, t, r));
+	}
+
+	@Override
+	public void manageIncomingConnection(TransportId t,
+			DuplexTransportConnection d) {
+		ioExecutor.execute(new IncomingDuplexSyncConnection(keyManager,
+				connectionRegistry, streamReaderFactory, streamWriterFactory,
+				syncSessionFactory, transportPropertyManager, ioExecutor,
+				t, d));
+	}
+
+	@Override
+	public void manageIncomingConnection(PendingContactId p, TransportId t,
+			DuplexTransportConnection d) {
+		ioExecutor.execute(new IncomingHandshakeConnection(keyManager,
+				connectionRegistry, streamReaderFactory, streamWriterFactory,
+				handshakeManager, contactExchangeManager, this, p, t, d));
+	}
+
+	@Override
+	public void manageOutgoingConnection(ContactId c, TransportId t,
+			TransportConnectionWriter w) {
+		ioExecutor.execute(new OutgoingSimplexSyncConnection(keyManager,
+				connectionRegistry, streamReaderFactory, streamWriterFactory,
+				syncSessionFactory, transportPropertyManager, c, t, w));
+	}
+
+	@Override
+	public void manageOutgoingConnection(ContactId c, TransportId t,
+			DuplexTransportConnection d) {
+		ioExecutor.execute(new OutgoingDuplexSyncConnection(keyManager,
+				connectionRegistry, streamReaderFactory, streamWriterFactory,
+				syncSessionFactory, transportPropertyManager, ioExecutor,
+				secureRandom, c, t, d));
+	}
+
+	@Override
+	public void manageOutgoingConnection(PendingContactId p, TransportId t,
+			DuplexTransportConnection d) {
+		ioExecutor.execute(new OutgoingHandshakeConnection(keyManager,
+				connectionRegistry, streamReaderFactory, streamWriterFactory,
+				handshakeManager, contactExchangeManager, this, p, t, d));
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/ConnectionModule.java

@@ -0,0 +1,26 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionManager;
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+
+import javax.inject.Singleton;
+
+import dagger.Module;
+import dagger.Provides;
+
+@Module
+public class ConnectionModule {
+
+	@Provides
+	ConnectionManager provideConnectionManager(
+			ConnectionManagerImpl connectionManager) {
+		return connectionManager;
+	}
+
+	@Provides
+	@Singleton
+	ConnectionRegistry provideConnectionRegistry(
+			ConnectionRegistryImpl connectionRegistry) {
+		return connectionRegistry;
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/ConnectionRegistryImpl.java

@@ -0,0 +1,283 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.Bytes;
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.connection.InterruptibleConnection;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.event.EventBus;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.PluginConfig;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.event.ConnectionClosedEvent;
+import org.briarproject.bramble.api.plugin.event.ConnectionOpenedEvent;
+import org.briarproject.bramble.api.plugin.event.ContactConnectedEvent;
+import org.briarproject.bramble.api.plugin.event.ContactDisconnectedEvent;
+import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionClosedEvent;
+import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionOpenedEvent;
+import org.briarproject.bramble.api.sync.Priority;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
+import java.util.logging.Logger;
+
+import javax.annotation.Nullable;
+import javax.annotation.concurrent.GuardedBy;
+import javax.annotation.concurrent.ThreadSafe;
+import javax.inject.Inject;
+
+import static java.util.Collections.emptyList;
+import static java.util.logging.Level.INFO;
+import static java.util.logging.Logger.getLogger;
+
+@ThreadSafe
+@NotNullByDefault
+class ConnectionRegistryImpl implements ConnectionRegistry {
+
+	private static final Logger LOG =
+			getLogger(ConnectionRegistryImpl.class.getName());
+
+	private final EventBus eventBus;
+	private final Map<TransportId, List<TransportId>> transportPrefs;
+
+	private final Object lock = new Object();
+	@GuardedBy("lock")
+	private final Map<ContactId, List<ConnectionRecord>> contactConnections;
+	@GuardedBy("lock")
+	private final Set<PendingContactId> connectedPendingContacts;
+
+	@Inject
+	ConnectionRegistryImpl(EventBus eventBus, PluginConfig pluginConfig) {
+		this.eventBus = eventBus;
+		transportPrefs = pluginConfig.getTransportPreferences();
+		contactConnections = new HashMap<>();
+		connectedPendingContacts = new HashSet<>();
+	}
+
+	@Override
+	public void registerIncomingConnection(ContactId c, TransportId t,
+			InterruptibleConnection conn) {
+		registerConnection(c, t, conn, true);
+	}
+
+	@Override
+	public void registerOutgoingConnection(ContactId c, TransportId t,
+			InterruptibleConnection conn, Priority priority) {
+		registerConnection(c, t, conn, false);
+		setPriority(c, t, conn, priority);
+	}
+
+	private void registerConnection(ContactId c, TransportId t,
+			InterruptibleConnection conn, boolean incoming) {
+		if (LOG.isLoggable(INFO)) {
+			if (incoming) LOG.info("Incoming connection registered: " + t);
+			else LOG.info("Outgoing connection registered: " + t);
+		}
+		boolean firstConnection;
+		synchronized (lock) {
+			List<ConnectionRecord> recs = contactConnections.get(c);
+			if (recs == null) {
+				recs = new ArrayList<>();
+				contactConnections.put(c, recs);
+			}
+			firstConnection = recs.isEmpty();
+			recs.add(new ConnectionRecord(t, conn));
+		}
+		eventBus.broadcast(new ConnectionOpenedEvent(c, t, incoming));
+		if (firstConnection) {
+			LOG.info("Contact connected");
+			eventBus.broadcast(new ContactConnectedEvent(c));
+		}
+	}
+
+	@Override
+	public void setPriority(ContactId c, TransportId t,
+			InterruptibleConnection conn, Priority priority) {
+		if (LOG.isLoggable(INFO)) LOG.info("Setting connection priority: " + t);
+		List<InterruptibleConnection> toInterrupt;
+		boolean interruptNewConnection = false;
+		synchronized (lock) {
+			List<ConnectionRecord> recs = contactConnections.get(c);
+			if (recs == null) throw new IllegalArgumentException();
+			toInterrupt = new ArrayList<>(recs.size());
+			for (ConnectionRecord rec : recs) {
+				if (rec.conn == conn) {
+					// Store the priority of this connection
+					rec.priority = priority;
+				} else if (rec.priority != null) {
+					int compare = compareConnections(t, priority,
+							rec.transportId, rec.priority);
+					if (compare == -1) {
+						// The old connection is better than the new one
+						interruptNewConnection = true;
+					} else if (compare == 1 && !rec.interrupted) {
+						// The new connection is better than the old one
+						toInterrupt.add(rec.conn);
+						rec.interrupted = true;
+					}
+				}
+			}
+		}
+		if (interruptNewConnection) {
+			LOG.info("Interrupting new connection");
+			conn.interruptOutgoingSession();
+		}
+		for (InterruptibleConnection old : toInterrupt) {
+			LOG.info("Interrupting old connection");
+			old.interruptOutgoingSession();
+		}
+	}
+
+	private int compareConnections(TransportId tA, Priority pA, TransportId tB,
+			Priority pB) {
+		if (getBetterTransports(tA).contains(tB)) return -1;
+		if (getBetterTransports(tB).contains(tA)) return 1;
+		return tA.equals(tB) ? Bytes.compare(pA.getNonce(), pB.getNonce()) : 0;
+	}
+
+	private List<TransportId> getBetterTransports(TransportId t) {
+		List<TransportId> better = transportPrefs.get(t);
+		return better == null ? emptyList() : better;
+	}
+
+	@Override
+	public void unregisterConnection(ContactId c, TransportId t,
+			InterruptibleConnection conn, boolean incoming, boolean exception) {
+		if (LOG.isLoggable(INFO)) {
+			if (incoming) LOG.info("Incoming connection unregistered: " + t);
+			else LOG.info("Outgoing connection unregistered: " + t);
+		}
+		boolean lastConnection;
+		synchronized (lock) {
+			List<ConnectionRecord> recs = contactConnections.get(c);
+			if (recs == null || !recs.remove(new ConnectionRecord(t, conn)))
+				throw new IllegalArgumentException();
+			lastConnection = recs.isEmpty();
+		}
+		eventBus.broadcast(
+				new ConnectionClosedEvent(c, t, incoming, exception));
+		if (lastConnection) {
+			LOG.info("Contact disconnected");
+			eventBus.broadcast(new ContactDisconnectedEvent(c));
+		}
+	}
+
+	@Override
+	public Collection<ContactId> getConnectedContacts(TransportId t) {
+		synchronized (lock) {
+			List<ContactId> contactIds = new ArrayList<>();
+			for (Entry<ContactId, List<ConnectionRecord>> e :
+					contactConnections.entrySet()) {
+				for (ConnectionRecord rec : e.getValue()) {
+					if (rec.transportId.equals(t)) {
+						contactIds.add(e.getKey());
+						break;
+					}
+				}
+			}
+			if (LOG.isLoggable(INFO)) {
+				LOG.info(contactIds.size() + " contacts connected: " + t);
+			}
+			return contactIds;
+		}
+	}
+
+	@Override
+	public Collection<ContactId> getConnectedOrBetterContacts(TransportId t) {
+		synchronized (lock) {
+			List<TransportId> better = getBetterTransports(t);
+			List<ContactId> contactIds = new ArrayList<>();
+			for (Entry<ContactId, List<ConnectionRecord>> e :
+					contactConnections.entrySet()) {
+				for (ConnectionRecord rec : e.getValue()) {
+					if (rec.transportId.equals(t) ||
+							better.contains(rec.transportId)) {
+						contactIds.add(e.getKey());
+						break;
+					}
+				}
+			}
+			if (LOG.isLoggable(INFO)) {
+				LOG.info(contactIds.size()
+						+ " contacts connected or better: " + t);
+			}
+			return contactIds;
+		}
+	}
+
+	@Override
+	public boolean isConnected(ContactId c, TransportId t) {
+		synchronized (lock) {
+			List<ConnectionRecord> recs = contactConnections.get(c);
+			if (recs == null) return false;
+			for (ConnectionRecord rec : recs) {
+				if (rec.transportId.equals(t)) return true;
+			}
+			return false;
+		}
+	}
+
+	@Override
+	public boolean isConnected(ContactId c) {
+		synchronized (lock) {
+			List<ConnectionRecord> recs = contactConnections.get(c);
+			return recs != null && !recs.isEmpty();
+		}
+	}
+
+	@Override
+	public boolean registerConnection(PendingContactId p) {
+		boolean added;
+		synchronized (lock) {
+			added = connectedPendingContacts.add(p);
+		}
+		if (added) eventBus.broadcast(new RendezvousConnectionOpenedEvent(p));
+		return added;
+	}
+
+	@Override
+	public void unregisterConnection(PendingContactId p, boolean success) {
+		synchronized (lock) {
+			if (!connectedPendingContacts.remove(p))
+				throw new IllegalArgumentException();
+		}
+		eventBus.broadcast(new RendezvousConnectionClosedEvent(p, success));
+	}
+
+	private static class ConnectionRecord {
+
+		private final TransportId transportId;
+		private final InterruptibleConnection conn;
+		@GuardedBy("lock")
+		@Nullable
+		private Priority priority = null;
+		@GuardedBy("lock")
+		private boolean interrupted = false;
+
+		private ConnectionRecord(TransportId transportId,
+				InterruptibleConnection conn) {
+			this.transportId = transportId;
+			this.conn = conn;
+		}
+
+		@Override
+		public boolean equals(Object o) {
+			if (o instanceof ConnectionRecord) {
+				return conn == ((ConnectionRecord) o).conn;
+			} else {
+				return false;
+			}
+		}
+
+		@Override
+		public int hashCode() {
+			return conn.hashCode();
+		}
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/DuplexSyncConnection.java

@@ -0,0 +1,109 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.connection.InterruptibleConnection;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportConnectionReader;
+import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.properties.TransportProperties;
+import org.briarproject.bramble.api.properties.TransportPropertyManager;
+import org.briarproject.bramble.api.sync.Priority;
+import org.briarproject.bramble.api.sync.SyncSession;
+import org.briarproject.bramble.api.sync.SyncSessionFactory;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriter;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+import java.util.concurrent.Executor;
+
+import javax.annotation.Nullable;
+import javax.annotation.concurrent.GuardedBy;
+
+import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;
+
+@NotNullByDefault
+abstract class DuplexSyncConnection extends SyncConnection
+		implements InterruptibleConnection {
+
+	final Executor ioExecutor;
+	final TransportId transportId;
+	final TransportConnectionReader reader;
+	final TransportConnectionWriter writer;
+	final TransportProperties remote;
+
+	private final Object interruptLock = new Object();
+
+	@GuardedBy("interruptLock")
+	@Nullable
+	private SyncSession outgoingSession = null;
+	@GuardedBy("interruptLock")
+	private boolean interruptWaiting = false;
+
+	@Override
+	public void interruptOutgoingSession() {
+		SyncSession out = null;
+		synchronized (interruptLock) {
+			if (outgoingSession == null) interruptWaiting = true;
+			else out = outgoingSession;
+		}
+		if (out != null) out.interrupt();
+	}
+
+	void setOutgoingSession(SyncSession outgoingSession) {
+		boolean interruptWasWaiting = false;
+		synchronized (interruptLock) {
+			this.outgoingSession = outgoingSession;
+			if (interruptWaiting) {
+				interruptWasWaiting = true;
+				interruptWaiting = false;
+			}
+		}
+		if (interruptWasWaiting) outgoingSession.interrupt();
+	}
+
+	DuplexSyncConnection(KeyManager keyManager,
+			ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			SyncSessionFactory syncSessionFactory,
+			TransportPropertyManager transportPropertyManager,
+			Executor ioExecutor, TransportId transportId,
+			DuplexTransportConnection connection) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory, syncSessionFactory,
+				transportPropertyManager);
+		this.ioExecutor = ioExecutor;
+		this.transportId = transportId;
+		reader = connection.getReader();
+		writer = connection.getWriter();
+		remote = connection.getRemoteProperties();
+	}
+
+	void onReadError(boolean recognised) {
+		disposeOnError(reader, recognised);
+		disposeOnError(writer);
+		interruptOutgoingSession();
+	}
+
+	void onWriteError() {
+		disposeOnError(reader, true);
+		disposeOnError(writer);
+	}
+
+	SyncSession createDuplexOutgoingSession(StreamContext ctx,
+			TransportConnectionWriter w, @Nullable Priority priority)
+			throws IOException {
+		StreamWriter streamWriter = streamWriterFactory.createStreamWriter(
+				w.getOutputStream(), ctx);
+		ContactId c = requireNonNull(ctx.getContactId());
+		return syncSessionFactory.createDuplexOutgoingSession(c,
+				ctx.getTransportId(), w.getMaxLatency(), w.getMaxIdleTime(),
+				streamWriter, priority);
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/HandshakeConnection.java

@@ -0,0 +1,72 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionManager;
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.ContactExchangeManager;
+import org.briarproject.bramble.api.contact.HandshakeManager;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportConnectionReader;
+import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import javax.annotation.Nullable;
+
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+abstract class HandshakeConnection extends Connection {
+
+	final HandshakeManager handshakeManager;
+	final ContactExchangeManager contactExchangeManager;
+	final ConnectionManager connectionManager;
+	final PendingContactId pendingContactId;
+	final TransportId transportId;
+	final DuplexTransportConnection connection;
+	final TransportConnectionReader reader;
+	final TransportConnectionWriter writer;
+
+	HandshakeConnection(KeyManager keyManager,
+			ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			HandshakeManager handshakeManager,
+			ContactExchangeManager contactExchangeManager,
+			ConnectionManager connectionManager,
+			PendingContactId pendingContactId,
+			TransportId transportId, DuplexTransportConnection connection) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory);
+		this.handshakeManager = handshakeManager;
+		this.contactExchangeManager = contactExchangeManager;
+		this.connectionManager = connectionManager;
+		this.pendingContactId = pendingContactId;
+		this.transportId = transportId;
+		this.connection = connection;
+		reader = connection.getReader();
+		writer = connection.getWriter();
+	}
+
+	@Nullable
+	StreamContext allocateStreamContext(PendingContactId pendingContactId,
+			TransportId transportId) {
+		try {
+			return keyManager.getStreamContext(pendingContactId, transportId);
+		} catch (DbException e) {
+			logException(LOG, WARNING, e);
+			return null;
+		}
+	}
+
+	void onError(boolean recognised) {
+		disposeOnError(reader, recognised);
+		disposeOnError(writer);
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/IncomingDuplexSyncConnection.java

@@ -0,0 +1,107 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.properties.TransportPropertyManager;
+import org.briarproject.bramble.api.sync.PriorityHandler;
+import org.briarproject.bramble.api.sync.SyncSession;
+import org.briarproject.bramble.api.sync.SyncSessionFactory;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+import java.util.concurrent.Executor;
+
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+class IncomingDuplexSyncConnection extends DuplexSyncConnection
+		implements Runnable {
+
+	IncomingDuplexSyncConnection(KeyManager keyManager,
+			ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			SyncSessionFactory syncSessionFactory,
+			TransportPropertyManager transportPropertyManager,
+			Executor ioExecutor, TransportId transportId,
+			DuplexTransportConnection connection) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory, syncSessionFactory,
+				transportPropertyManager, ioExecutor, transportId, connection);
+	}
+
+	@Override
+	public void run() {
+		// Read and recognise the tag
+		StreamContext ctx = recogniseTag(reader, transportId);
+		if (ctx == null) {
+			LOG.info("Unrecognised tag");
+			onReadError(false);
+			return;
+		}
+		ContactId contactId = ctx.getContactId();
+		if (contactId == null) {
+			LOG.warning("Expected contact tag, got rendezvous tag");
+			onReadError(true);
+			return;
+		}
+		if (ctx.isHandshakeMode()) {
+			// TODO: Support handshake mode for contacts
+			LOG.warning("Received handshake tag, expected rotation mode");
+			onReadError(true);
+			return;
+		}
+		connectionRegistry.registerIncomingConnection(contactId, transportId,
+				this);
+		// Start the outgoing session on another thread
+		ioExecutor.execute(() -> runOutgoingSession(contactId));
+		try {
+			// Store any transport properties discovered from the connection
+			transportPropertyManager.addRemotePropertiesFromConnection(
+					contactId, transportId, remote);
+			// Update the connection registry when we receive our priority
+			PriorityHandler handler = p -> connectionRegistry.setPriority(
+					contactId, transportId, this, p);
+			// Create and run the incoming session
+			createIncomingSession(ctx, reader, handler).run();
+			reader.dispose(false, true);
+			interruptOutgoingSession();
+			connectionRegistry.unregisterConnection(contactId, transportId,
+					this, true, false);
+		} catch (DbException | IOException e) {
+			logException(LOG, WARNING, e);
+			onReadError(true);
+			connectionRegistry.unregisterConnection(contactId, transportId,
+					this, true, true);
+		}
+	}
+
+	private void runOutgoingSession(ContactId contactId) {
+		// Allocate a stream context
+		StreamContext ctx = allocateStreamContext(contactId, transportId);
+		if (ctx == null) {
+			LOG.warning("Could not allocate stream context");
+			onWriteError();
+			return;
+		}
+		try {
+			// Create and run the outgoing session
+			SyncSession out = createDuplexOutgoingSession(ctx, writer, null);
+			setOutgoingSession(out);
+			out.run();
+			writer.dispose(false);
+		} catch (IOException e) {
+			logException(LOG, WARNING, e);
+			onWriteError();
+		}
+	}
+}
+

bramble-core/src/main/java/org/briarproject/bramble/connection/IncomingHandshakeConnection.java

@@ -0,0 +1,93 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionManager;
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.ContactExchangeManager;
+import org.briarproject.bramble.api.contact.HandshakeManager;
+import org.briarproject.bramble.api.contact.HandshakeManager.HandshakeResult;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriter;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+class IncomingHandshakeConnection extends HandshakeConnection
+		implements Runnable {
+
+	IncomingHandshakeConnection(KeyManager keyManager,
+			ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			HandshakeManager handshakeManager,
+			ContactExchangeManager contactExchangeManager,
+			ConnectionManager connectionManager,
+			PendingContactId pendingContactId,
+			TransportId transportId, DuplexTransportConnection connection) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory, handshakeManager, contactExchangeManager,
+				connectionManager, pendingContactId, transportId, connection);
+	}
+
+	@Override
+	public void run() {
+		// Read and recognise the tag
+		StreamContext ctxIn = recogniseTag(reader, transportId);
+		if (ctxIn == null) {
+			LOG.info("Unrecognised tag");
+			onError(false);
+			return;
+		}
+		PendingContactId inPendingContactId = ctxIn.getPendingContactId();
+		if (inPendingContactId == null) {
+			LOG.warning("Expected rendezvous tag, got contact tag");
+			onError(true);
+			return;
+		}
+		// Allocate the outgoing stream context
+		StreamContext ctxOut =
+				allocateStreamContext(pendingContactId, transportId);
+		if (ctxOut == null) {
+			LOG.warning("Could not allocate stream context");
+			onError(true);
+			return;
+		}
+		// Close the connection if it's redundant
+		if (!connectionRegistry.registerConnection(pendingContactId)) {
+			LOG.info("Redundant rendezvous connection");
+			onError(true);
+			return;
+		}
+		// Handshake and exchange contacts
+		try {
+			InputStream in = streamReaderFactory.createStreamReader(
+					reader.getInputStream(), ctxIn);
+			// Flush the output stream to send the outgoing stream header
+			StreamWriter out = streamWriterFactory.createStreamWriter(
+					writer.getOutputStream(), ctxOut);
+			out.getOutputStream().flush();
+			HandshakeResult result =
+					handshakeManager.handshake(pendingContactId, in, out);
+			contactExchangeManager.exchangeContacts(pendingContactId,
+					connection, result.getMasterKey(), result.isAlice(), false);
+			connectionRegistry.unregisterConnection(pendingContactId, true);
+			// Reuse the connection as a transport connection
+			connectionManager.manageIncomingConnection(transportId, connection);
+		} catch (IOException | DbException e) {
+			logException(LOG, WARNING, e);
+			onError(true);
+			connectionRegistry.unregisterConnection(pendingContactId, false);
+		}
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/IncomingSimplexSyncConnection.java

@@ -0,0 +1,79 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportConnectionReader;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.properties.TransportPropertyManager;
+import org.briarproject.bramble.api.sync.PriorityHandler;
+import org.briarproject.bramble.api.sync.SyncSessionFactory;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+class IncomingSimplexSyncConnection extends SyncConnection implements Runnable {
+
+	private final TransportId transportId;
+	private final TransportConnectionReader reader;
+
+	IncomingSimplexSyncConnection(KeyManager keyManager,
+			ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			SyncSessionFactory syncSessionFactory,
+			TransportPropertyManager transportPropertyManager,
+			TransportId transportId, TransportConnectionReader reader) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory, syncSessionFactory,
+				transportPropertyManager);
+		this.transportId = transportId;
+		this.reader = reader;
+	}
+
+	@Override
+	public void run() {
+		// Read and recognise the tag
+		StreamContext ctx = recogniseTag(reader, transportId);
+		if (ctx == null) {
+			LOG.info("Unrecognised tag");
+			onError(false);
+			return;
+		}
+		ContactId contactId = ctx.getContactId();
+		if (contactId == null) {
+			LOG.warning("Received rendezvous stream, expected contact");
+			onError(true);
+			return;
+		}
+		if (ctx.isHandshakeMode()) {
+			// TODO: Support handshake mode for contacts
+			LOG.warning("Received handshake tag, expected rotation mode");
+			onError(true);
+			return;
+		}
+		try {
+			// We don't expect to receive a priority for this connection
+			PriorityHandler handler = p ->
+					LOG.info("Ignoring priority for simplex connection");
+			// Create and run the incoming session
+			createIncomingSession(ctx, reader, handler).run();
+			reader.dispose(false, true);
+		} catch (IOException e) {
+			logException(LOG, WARNING, e);
+			onError(true);
+		}
+	}
+
+	private void onError(boolean recognised) {
+		disposeOnError(reader, recognised);
+	}
+}
+

bramble-core/src/main/java/org/briarproject/bramble/connection/OutgoingDuplexSyncConnection.java

@@ -0,0 +1,140 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.properties.TransportPropertyManager;
+import org.briarproject.bramble.api.sync.Priority;
+import org.briarproject.bramble.api.sync.PriorityHandler;
+import org.briarproject.bramble.api.sync.SyncSession;
+import org.briarproject.bramble.api.sync.SyncSessionFactory;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+import java.security.SecureRandom;
+import java.util.concurrent.Executor;
+
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.api.sync.SyncConstants.PRIORITY_NONCE_BYTES;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+class OutgoingDuplexSyncConnection extends DuplexSyncConnection
+		implements Runnable {
+
+	private final SecureRandom secureRandom;
+	private final ContactId contactId;
+
+	OutgoingDuplexSyncConnection(KeyManager keyManager,
+			ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			SyncSessionFactory syncSessionFactory,
+			TransportPropertyManager transportPropertyManager,
+			Executor ioExecutor, SecureRandom secureRandom, ContactId contactId,
+			TransportId transportId, DuplexTransportConnection connection) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory, syncSessionFactory,
+				transportPropertyManager, ioExecutor, transportId, connection);
+		this.secureRandom = secureRandom;
+		this.contactId = contactId;
+	}
+
+	@Override
+	public void run() {
+		// Allocate a stream context
+		StreamContext ctx = allocateStreamContext(contactId, transportId);
+		if (ctx == null) {
+			LOG.warning("Could not allocate stream context");
+			onWriteError();
+			return;
+		}
+		if (ctx.isHandshakeMode()) {
+			// TODO: Support handshake mode for contacts
+			LOG.warning("Cannot use handshake mode stream context");
+			onWriteError();
+			return;
+		}
+		// Start the incoming session on another thread
+		Priority priority = generatePriority();
+		ioExecutor.execute(() -> runIncomingSession(priority));
+		try {
+			// Create and run the outgoing session
+			SyncSession out =
+					createDuplexOutgoingSession(ctx, writer, priority);
+			setOutgoingSession(out);
+			out.run();
+			writer.dispose(false);
+		} catch (IOException e) {
+			logException(LOG, WARNING, e);
+			onWriteError();
+		}
+	}
+
+	private void runIncomingSession(Priority priority) {
+		// Read and recognise the tag
+		StreamContext ctx = recogniseTag(reader, transportId);
+		// Unrecognised tags are suspicious in this case
+		if (ctx == null) {
+			LOG.warning("Unrecognised tag for returning stream");
+			onReadError();
+			return;
+		}
+		// Check that the stream comes from the expected contact
+		ContactId inContactId = ctx.getContactId();
+		if (inContactId == null) {
+			LOG.warning("Expected contact tag, got rendezvous tag");
+			onReadError();
+			return;
+		}
+		if (!contactId.equals(inContactId)) {
+			LOG.warning("Wrong contact ID for returning stream");
+			onReadError();
+			return;
+		}
+		if (ctx.isHandshakeMode()) {
+			// TODO: Support handshake mode for contacts
+			LOG.warning("Received handshake tag, expected rotation mode");
+			onReadError();
+			return;
+		}
+		connectionRegistry.registerOutgoingConnection(contactId, transportId,
+				this, priority);
+		try {
+			// Store any transport properties discovered from the connection
+			transportPropertyManager.addRemotePropertiesFromConnection(
+					contactId, transportId, remote);
+			// We don't expect to receive a priority for this connection
+			PriorityHandler handler = p ->
+					LOG.info("Ignoring priority for outgoing connection");
+			// Create and run the incoming session
+			createIncomingSession(ctx, reader, handler).run();
+			reader.dispose(false, true);
+			interruptOutgoingSession();
+			connectionRegistry.unregisterConnection(contactId, transportId,
+					this, false, false);
+		} catch (DbException | IOException e) {
+			logException(LOG, WARNING, e);
+			onReadError();
+			connectionRegistry.unregisterConnection(contactId, transportId,
+					this, false, true);
+		}
+	}
+
+	private void onReadError() {
+		// 'Recognised' is always true for outgoing connections
+		onReadError(true);
+	}
+
+	private Priority generatePriority() {
+		byte[] nonce = new byte[PRIORITY_NONCE_BYTES];
+		secureRandom.nextBytes(nonce);
+		return new Priority(nonce);
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/OutgoingHandshakeConnection.java

@@ -0,0 +1,115 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionManager;
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.Contact;
+import org.briarproject.bramble.api.contact.ContactExchangeManager;
+import org.briarproject.bramble.api.contact.HandshakeManager;
+import org.briarproject.bramble.api.contact.HandshakeManager.HandshakeResult;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriter;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+class OutgoingHandshakeConnection extends HandshakeConnection
+		implements Runnable {
+
+	OutgoingHandshakeConnection(KeyManager keyManager,
+			ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			HandshakeManager handshakeManager,
+			ContactExchangeManager contactExchangeManager,
+			ConnectionManager connectionManager,
+			PendingContactId pendingContactId,
+			TransportId transportId, DuplexTransportConnection connection) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory, handshakeManager, contactExchangeManager,
+				connectionManager, pendingContactId, transportId, connection);
+	}
+
+	@Override
+	public void run() {
+		// Allocate the outgoing stream context
+		StreamContext ctxOut =
+				allocateStreamContext(pendingContactId, transportId);
+		if (ctxOut == null) {
+			LOG.warning("Could not allocate stream context");
+			onError();
+			return;
+		}
+		// Flush the output stream to send the outgoing stream header
+		StreamWriter out;
+		try {
+			out = streamWriterFactory.createStreamWriter(
+					writer.getOutputStream(), ctxOut);
+			out.getOutputStream().flush();
+		} catch (IOException e) {
+			logException(LOG, WARNING, e);
+			onError();
+			return;
+		}
+		// Read and recognise the tag
+		StreamContext ctxIn = recogniseTag(reader, transportId);
+		// Unrecognised tags are suspicious in this case
+		if (ctxIn == null) {
+			LOG.warning("Unrecognised tag for returning stream");
+			onError();
+			return;
+		}
+		// Check that the stream comes from the expected pending contact
+		PendingContactId inPendingContactId = ctxIn.getPendingContactId();
+		if (inPendingContactId == null) {
+			LOG.warning("Expected rendezvous tag, got contact tag");
+			onError();
+			return;
+		}
+		if (!inPendingContactId.equals(pendingContactId)) {
+			LOG.warning("Wrong pending contact ID for returning stream");
+			onError();
+			return;
+		}
+		// Close the connection if it's redundant
+		if (!connectionRegistry.registerConnection(pendingContactId)) {
+			LOG.info("Redundant rendezvous connection");
+			onError();
+			return;
+		}
+		// Handshake and exchange contacts
+		try {
+			InputStream in = streamReaderFactory.createStreamReader(
+					reader.getInputStream(), ctxIn);
+			HandshakeResult result =
+					handshakeManager.handshake(pendingContactId, in, out);
+			Contact contact = contactExchangeManager.exchangeContacts(
+					pendingContactId, connection, result.getMasterKey(),
+					result.isAlice(), false);
+			connectionRegistry.unregisterConnection(pendingContactId, true);
+			// Reuse the connection as a transport connection
+			connectionManager.manageOutgoingConnection(contact.getId(),
+					transportId, connection);
+		} catch (IOException | DbException e) {
+			logException(LOG, WARNING, e);
+			onError();
+			connectionRegistry.unregisterConnection(pendingContactId, false);
+		}
+	}
+
+	private void onError() {
+		// 'Recognised' is always true for outgoing connections
+		onError(true);
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/OutgoingSimplexSyncConnection.java

@@ -0,0 +1,78 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.properties.TransportPropertyManager;
+import org.briarproject.bramble.api.sync.SyncSession;
+import org.briarproject.bramble.api.sync.SyncSessionFactory;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriter;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+class OutgoingSimplexSyncConnection extends SyncConnection implements Runnable {
+
+	private final ContactId contactId;
+	private final TransportId transportId;
+	private final TransportConnectionWriter writer;
+
+	OutgoingSimplexSyncConnection(KeyManager keyManager,
+			ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			SyncSessionFactory syncSessionFactory,
+			TransportPropertyManager transportPropertyManager,
+			ContactId contactId, TransportId transportId,
+			TransportConnectionWriter writer) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory, syncSessionFactory,
+				transportPropertyManager);
+		this.contactId = contactId;
+		this.transportId = transportId;
+		this.writer = writer;
+	}
+
+	@Override
+	public void run() {
+		// Allocate a stream context
+		StreamContext ctx = allocateStreamContext(contactId, transportId);
+		if (ctx == null) {
+			LOG.warning("Could not allocate stream context");
+			onError();
+			return;
+		}
+		try {
+			// Create and run the outgoing session
+			createSimplexOutgoingSession(ctx, writer).run();
+			writer.dispose(false);
+		} catch (IOException e) {
+			logException(LOG, WARNING, e);
+			onError();
+		}
+	}
+
+	private void onError() {
+		disposeOnError(writer);
+	}
+
+	private SyncSession createSimplexOutgoingSession(StreamContext ctx,
+			TransportConnectionWriter w) throws IOException {
+		StreamWriter streamWriter = streamWriterFactory.createStreamWriter(
+				w.getOutputStream(), ctx);
+		ContactId c = requireNonNull(ctx.getContactId());
+		return syncSessionFactory.createSimplexOutgoingSession(c,
+				ctx.getTransportId(), w.getMaxLatency(), streamWriter);
+	}
+}
+

bramble-core/src/main/java/org/briarproject/bramble/connection/SyncConnection.java

@@ -0,0 +1,64 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportConnectionReader;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.properties.TransportPropertyManager;
+import org.briarproject.bramble.api.sync.PriorityHandler;
+import org.briarproject.bramble.api.sync.SyncSession;
+import org.briarproject.bramble.api.sync.SyncSessionFactory;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import javax.annotation.Nullable;
+
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+class SyncConnection extends Connection {
+
+	final SyncSessionFactory syncSessionFactory;
+	final TransportPropertyManager transportPropertyManager;
+
+	SyncConnection(KeyManager keyManager, ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			SyncSessionFactory syncSessionFactory,
+			TransportPropertyManager transportPropertyManager) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory);
+		this.syncSessionFactory = syncSessionFactory;
+		this.transportPropertyManager = transportPropertyManager;
+	}
+
+	@Nullable
+	StreamContext allocateStreamContext(ContactId contactId,
+			TransportId transportId) {
+		try {
+			return keyManager.getStreamContext(contactId, transportId);
+		} catch (DbException e) {
+			logException(LOG, WARNING, e);
+			return null;
+		}
+	}
+
+	SyncSession createIncomingSession(StreamContext ctx,
+			TransportConnectionReader r, PriorityHandler handler)
+			throws IOException {
+		InputStream streamReader = streamReaderFactory.createStreamReader(
+				r.getInputStream(), ctx);
+		ContactId c = requireNonNull(ctx.getContactId());
+		return syncSessionFactory
+				.createIncomingSession(c, streamReader, handler);
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java

@@ -7,8 +7,10 @@ import net.i2p.crypto.eddsa.KeyPairGenerator;
 import org.briarproject.bramble.api.crypto.AgreementPrivateKey;
 import org.briarproject.bramble.api.crypto.AgreementPublicKey;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
+import org.briarproject.bramble.api.crypto.DecryptionException;
 import org.briarproject.bramble.api.crypto.KeyPair;
 import org.briarproject.bramble.api.crypto.KeyParser;
+import org.briarproject.bramble.api.crypto.KeyStrengthener;
 import org.briarproject.bramble.api.crypto.PrivateKey;
 import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.crypto.SecretKey;
@@ -38,6 +40,9 @@ import static java.lang.System.arraycopy;
 import static java.util.logging.Level.INFO;
 import static org.briarproject.bramble.api.crypto.CryptoConstants.KEY_TYPE_AGREEMENT;
 import static org.briarproject.bramble.api.crypto.CryptoConstants.KEY_TYPE_SIGNATURE;
+import static org.briarproject.bramble.api.crypto.DecryptionResult.INVALID_CIPHERTEXT;
+import static org.briarproject.bramble.api.crypto.DecryptionResult.INVALID_PASSWORD;
+import static org.briarproject.bramble.api.crypto.DecryptionResult.KEY_STRENGTHENER_ERROR;
 import static org.briarproject.bramble.util.ByteUtils.INT_32_BYTES;
 import static org.briarproject.bramble.util.LogUtils.logDuration;
 import static org.briarproject.bramble.util.LogUtils.now;
@@ -51,7 +56,8 @@ class CryptoComponentImpl implements CryptoComponent {
 	private static final int SIGNATURE_KEY_PAIR_BITS = 256;
 	private static final int STORAGE_IV_BYTES = 24; // 196 bits
 	private static final int PBKDF_SALT_BYTES = 32; // 256 bits
-	private static final int PBKDF_FORMAT_SCRYPT = 0;
+	private static final byte PBKDF_FORMAT_SCRYPT = 0;
+	private static final byte PBKDF_FORMAT_SCRYPT_STRENGTHENED = 1;
 
 	private final SecureRandom secureRandom;
 	private final PasswordBasedKdf passwordBasedKdf;
@@ -311,7 +317,8 @@ class CryptoComponentImpl implements CryptoComponent {
 	}
 
 	@Override
-	public byte[] encryptWithPassword(byte[] input, String password) {
+	public byte[] encryptWithPassword(byte[] input, String password,
+			@Nullable KeyStrengthener keyStrengthener) {
 		AuthenticatedCipher cipher = new XSalsa20Poly1305AuthenticatedCipher();
 		int macBytes = cipher.getMacBytes();
 		// Generate a random salt
@@ -319,8 +326,9 @@ class CryptoComponentImpl implements CryptoComponent {
 		secureRandom.nextBytes(salt);
 		// Calibrate the KDF
 		int cost = passwordBasedKdf.chooseCostParameter();
-		// Derive the key from the password
+		// Derive the encryption key from the password
 		SecretKey key = passwordBasedKdf.deriveKey(password, salt, cost);
+		if (keyStrengthener != null) key = keyStrengthener.strengthenKey(key);
 		// Generate a random IV
 		byte[] iv = new byte[STORAGE_IV_BYTES];
 		secureRandom.nextBytes(iv);
@@ -331,7 +339,9 @@ class CryptoComponentImpl implements CryptoComponent {
 		byte[] output = new byte[outputLen];
 		int outputOff = 0;
 		// Format version
-		output[outputOff] = PBKDF_FORMAT_SCRYPT;
+		byte formatVersion = keyStrengthener == null
+				? PBKDF_FORMAT_SCRYPT : PBKDF_FORMAT_SCRYPT_STRENGTHENED;
+		output[outputOff] = formatVersion;
 		outputOff++;
 		// Salt
 		arraycopy(salt, 0, output, outputOff, salt.length);
@@ -353,21 +363,26 @@ class CryptoComponentImpl implements CryptoComponent {
 	}
 
 	@Override
-	@Nullable
+	public byte[] decryptWithPassword(byte[] input, String password,
-	public byte[] decryptWithPassword(byte[] input, String password) {
+			@Nullable KeyStrengthener keyStrengthener)
+			throws DecryptionException {
 		AuthenticatedCipher cipher = new XSalsa20Poly1305AuthenticatedCipher();
 		int macBytes = cipher.getMacBytes();
 		// The input contains the format version, salt, cost parameter, IV,
 		// ciphertext and MAC
 		if (input.length < 1 + PBKDF_SALT_BYTES + INT_32_BYTES
-				+ STORAGE_IV_BYTES + macBytes)
+				+ STORAGE_IV_BYTES + macBytes) {
-			return null; // Invalid input
+			throw new DecryptionException(INVALID_CIPHERTEXT);
+		}
 		int inputOff = 0;
 		// Format version
 		byte formatVersion = input[inputOff];
 		inputOff++;
-		if (formatVersion != PBKDF_FORMAT_SCRYPT)
+		// Check whether we support this format version
-			return null; // Unknown format
+		if (formatVersion != PBKDF_FORMAT_SCRYPT &&
+				formatVersion != PBKDF_FORMAT_SCRYPT_STRENGTHENED) {
+			throw new DecryptionException(INVALID_CIPHERTEXT);
+		}
 		// Salt
 		byte[] salt = new byte[PBKDF_SALT_BYTES];
 		arraycopy(input, inputOff, salt, 0, salt.length);
@@ -375,14 +390,22 @@ class CryptoComponentImpl implements CryptoComponent {
 		// Cost parameter
 		long cost = ByteUtils.readUint32(input, inputOff);
 		inputOff += INT_32_BYTES;
-		if (cost < 2 || cost > Integer.MAX_VALUE)
+		if (cost < 2 || cost > Integer.MAX_VALUE) {
-			return null; // Invalid cost parameter
+			throw new DecryptionException(INVALID_CIPHERTEXT);
+		}
 		// IV
 		byte[] iv = new byte[STORAGE_IV_BYTES];
 		arraycopy(input, inputOff, iv, 0, iv.length);
 		inputOff += iv.length;
-		// Derive the key from the password
+		// Derive the decryption key from the password
 		SecretKey key = passwordBasedKdf.deriveKey(password, salt, (int) cost);
+		if (formatVersion == PBKDF_FORMAT_SCRYPT_STRENGTHENED) {
+			if (keyStrengthener == null || !keyStrengthener.isInitialised()) {
+				// Can't derive the same strengthened key
+				throw new DecryptionException(KEY_STRENGTHENER_ERROR);
+			}
+			key = keyStrengthener.strengthenKey(key);
+		}
 		// Initialise the cipher
 		try {
 			cipher.init(false, key, iv);
@@ -396,10 +419,16 @@ class CryptoComponentImpl implements CryptoComponent {
 			cipher.process(input, inputOff, inputLen, output, 0);
 			return output;
 		} catch (GeneralSecurityException e) {
-			return null; // Invalid ciphertext
+			throw new DecryptionException(INVALID_PASSWORD);
 		}
 	}
 
+	@Override
+	public boolean isEncryptedWithStrengthenedKey(byte[] ciphertext) {
+		return ciphertext.length > 0 &&
+				ciphertext[0] == PBKDF_FORMAT_SCRYPT_STRENGTHENED;
+	}
+
 	@Override
 	public byte[] encryptToKey(PublicKey publicKey, byte[] plaintext) {
 		try {

bramble-core/src/main/java/org/briarproject/bramble/db/H2Database.java

@@ -25,6 +25,7 @@ import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
 import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.db.JdbcUtils.tryToClose;
+import static org.briarproject.bramble.util.IoUtils.isNonEmptyDirectory;
 import static org.briarproject.bramble.util.LogUtils.logFileOrDir;
 
 /**
@@ -69,8 +70,9 @@ class H2Database extends JdbcDatabase {
 			LOG.info("Contents of account directory before opening DB:");
 			logFileOrDir(LOG, INFO, dir.getParentFile());
 		}
-		boolean reopen = !dir.mkdirs();
+		boolean reopen = isNonEmptyDirectory(dir);
 		if (LOG.isLoggable(INFO)) LOG.info("Reopening DB: " + reopen);
+		if (!reopen && dir.mkdirs()) LOG.info("Created database directory");
 		super.open("org.h2.Driver", reopen, key, listener);
 		if (LOG.isLoggable(INFO)) {
 			LOG.info("Contents of account directory after opening DB:");

bramble-core/src/main/java/org/briarproject/bramble/db/HyperSqlDatabase.java

@@ -20,9 +20,11 @@ import java.util.logging.Logger;
 import javax.annotation.Nullable;
 import javax.inject.Inject;
 
+import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
 import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.db.JdbcUtils.tryToClose;
+import static org.briarproject.bramble.util.IoUtils.isNonEmptyDirectory;
 
 /**
  * Contains all the HSQLDB-specific code for the database.
@@ -64,7 +66,10 @@ class HyperSqlDatabase extends JdbcDatabase {
 	public boolean open(SecretKey key, @Nullable MigrationListener listener)
 			throws DbException {
 		this.key = key;
-		boolean reopen = !config.getDatabaseDirectory().mkdirs();
+		File dir = config.getDatabaseDirectory();
+		boolean reopen = isNonEmptyDirectory(dir);
+		if (LOG.isLoggable(INFO)) LOG.info("Reopening DB: " + reopen);
+		if (!reopen && dir.mkdirs()) LOG.info("Created database directory");
 		super.open("org.hsqldb.jdbc.JDBCDriver", reopen, key, listener);
 		return reopen;
 	}

bramble-core/src/main/java/org/briarproject/bramble/io/IoModule.java

@@ -0,0 +1,18 @@
+package org.briarproject.bramble.io;
+
+import org.briarproject.bramble.api.io.TimeoutMonitor;
+
+import javax.inject.Singleton;
+
+import dagger.Module;
+import dagger.Provides;
+
+@Module
+public class IoModule {
+
+	@Provides
+	@Singleton
+	TimeoutMonitor provideTimeoutMonitor(TimeoutMonitorImpl timeoutMonitor) {
+		return timeoutMonitor;
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/io/TimeoutInputStream.java

@@ -0,0 +1,104 @@
+package org.briarproject.bramble.io;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.system.Clock;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import javax.annotation.concurrent.GuardedBy;
+
+@NotNullByDefault
+class TimeoutInputStream extends InputStream {
+
+	private final Clock clock;
+	private final InputStream in;
+	private final long timeoutMs;
+	private final CloseListener listener;
+	private final Object lock = new Object();
+	@GuardedBy("lock")
+	private long readStartedMs = -1;
+
+	TimeoutInputStream(Clock clock, InputStream in, long timeoutMs,
+			CloseListener listener) {
+		this.clock = clock;
+		this.in = in;
+		this.timeoutMs = timeoutMs;
+		this.listener = listener;
+	}
+
+	@Override
+	public int read() throws IOException {
+		synchronized (lock) {
+			readStartedMs = clock.currentTimeMillis();
+		}
+		int input = in.read();
+		synchronized (lock) {
+			readStartedMs = -1;
+		}
+		return input;
+	}
+
+	@Override
+	public int read(byte[] b) throws IOException {
+		return read(b, 0, b.length);
+	}
+
+	@Override
+	public int read(byte[] b, int off, int len) throws IOException {
+		synchronized (lock) {
+			readStartedMs = clock.currentTimeMillis();
+		}
+		int read = in.read(b, off, len);
+		synchronized (lock) {
+			readStartedMs = -1;
+		}
+		return read;
+	}
+
+	@Override
+	public void close() throws IOException {
+		try {
+			in.close();
+		} finally {
+			listener.onClose(this);
+		}
+	}
+
+	@Override
+	public int available() throws IOException {
+		return in.available();
+	}
+
+	@Override
+	public void mark(int readlimit) {
+		in.mark(readlimit);
+	}
+
+	@Override
+	public boolean markSupported() {
+		return in.markSupported();
+	}
+
+	@Override
+	public void reset() throws IOException {
+		in.reset();
+	}
+
+	@Override
+	public long skip(long n) throws IOException {
+		return in.skip(n);
+	}
+
+	boolean hasTimedOut() {
+		synchronized (lock) {
+			return readStartedMs != -1 &&
+					clock.currentTimeMillis() - readStartedMs > timeoutMs;
+		}
+	}
+
+	interface CloseListener {
+
+		void onClose(TimeoutInputStream closed);
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/io/TimeoutMonitorImpl.java

@@ -0,0 +1,96 @@
+package org.briarproject.bramble.io;
+
+import org.briarproject.bramble.api.io.TimeoutMonitor;
+import org.briarproject.bramble.api.lifecycle.IoExecutor;
+import org.briarproject.bramble.api.system.Clock;
+import org.briarproject.bramble.api.system.Scheduler;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.Executor;
+import java.util.concurrent.Future;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.logging.Logger;
+
+import javax.annotation.concurrent.GuardedBy;
+import javax.inject.Inject;
+
+import static java.util.concurrent.TimeUnit.MILLISECONDS;
+import static java.util.concurrent.TimeUnit.SECONDS;
+import static java.util.logging.Level.INFO;
+import static java.util.logging.Logger.getLogger;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+class TimeoutMonitorImpl implements TimeoutMonitor {
+
+	private static final Logger LOG =
+			getLogger(TimeoutMonitorImpl.class.getName());
+
+	private static final long CHECK_INTERVAL_MS = SECONDS.toMillis(10);
+
+	private final ScheduledExecutorService scheduler;
+	private final Executor ioExecutor;
+	private final Clock clock;
+	private final Object lock = new Object();
+	@GuardedBy("lock")
+	private final List<TimeoutInputStream> streams = new ArrayList<>();
+
+	@GuardedBy("lock")
+	private Future<?> task = null;
+
+	@Inject
+	TimeoutMonitorImpl(@Scheduler ScheduledExecutorService scheduler,
+			@IoExecutor Executor ioExecutor, Clock clock) {
+		this.scheduler = scheduler;
+		this.ioExecutor = ioExecutor;
+		this.clock = clock;
+	}
+
+	@Override
+	public InputStream createTimeoutInputStream(InputStream in,
+			long timeoutMs) {
+		TimeoutInputStream stream = new TimeoutInputStream(clock, in,
+				timeoutMs, this::removeStream);
+		synchronized (lock) {
+			if (streams.isEmpty()) {
+				task = scheduler.scheduleWithFixedDelay(this::checkTimeouts,
+						CHECK_INTERVAL_MS, CHECK_INTERVAL_MS, MILLISECONDS);
+			}
+			streams.add(stream);
+		}
+		return stream;
+	}
+
+	private void removeStream(TimeoutInputStream stream) {
+		Future<?> toCancel = null;
+		synchronized (lock) {
+			if (streams.remove(stream) && streams.isEmpty()) {
+				toCancel = task;
+				task = null;
+			}
+		}
+		if (toCancel != null) toCancel.cancel(false);
+	}
+
+	@Scheduler
+	private void checkTimeouts() {
+		ioExecutor.execute(() -> {
+			List<TimeoutInputStream> snapshot;
+			synchronized (lock) {
+				snapshot = new ArrayList<>(streams);
+			}
+			for (TimeoutInputStream stream : snapshot) {
+				if (stream.hasTimedOut()) {
+					LOG.info("Input stream has timed out");
+					try {
+						stream.close();
+					} catch (IOException e) {
+						logException(LOG, INFO, e);
+					}
+				}
+			}
+		});
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/plugin/ConnectionManagerImpl.java

@@ -1,694 +0,0 @@
-package org.briarproject.bramble.plugin;
-
-import org.briarproject.bramble.api.contact.Contact;
-import org.briarproject.bramble.api.contact.ContactExchangeManager;
-import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.contact.HandshakeManager;
-import org.briarproject.bramble.api.contact.HandshakeManager.HandshakeResult;
-import org.briarproject.bramble.api.contact.PendingContactId;
-import org.briarproject.bramble.api.db.DbException;
-import org.briarproject.bramble.api.lifecycle.IoExecutor;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.ConnectionManager;
-import org.briarproject.bramble.api.plugin.ConnectionRegistry;
-import org.briarproject.bramble.api.plugin.TransportConnectionReader;
-import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
-import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
-import org.briarproject.bramble.api.sync.SyncSession;
-import org.briarproject.bramble.api.sync.SyncSessionFactory;
-import org.briarproject.bramble.api.transport.KeyManager;
-import org.briarproject.bramble.api.transport.StreamContext;
-import org.briarproject.bramble.api.transport.StreamReaderFactory;
-import org.briarproject.bramble.api.transport.StreamWriter;
-import org.briarproject.bramble.api.transport.StreamWriterFactory;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.concurrent.Executor;
-import java.util.logging.Logger;
-
-import javax.annotation.Nullable;
-import javax.inject.Inject;
-
-import static java.util.logging.Level.WARNING;
-import static java.util.logging.Logger.getLogger;
-import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;
-import static org.briarproject.bramble.api.transport.TransportConstants.TAG_LENGTH;
-import static org.briarproject.bramble.util.IoUtils.read;
-import static org.briarproject.bramble.util.LogUtils.logException;
-
-@NotNullByDefault
-class ConnectionManagerImpl implements ConnectionManager {
-
-	private static final Logger LOG =
-			getLogger(ConnectionManagerImpl.class.getName());
-
-	private final Executor ioExecutor;
-	private final KeyManager keyManager;
-	private final StreamReaderFactory streamReaderFactory;
-	private final StreamWriterFactory streamWriterFactory;
-	private final SyncSessionFactory syncSessionFactory;
-	private final HandshakeManager handshakeManager;
-	private final ContactExchangeManager contactExchangeManager;
-	private final ConnectionRegistry connectionRegistry;
-
-	@Inject
-	ConnectionManagerImpl(@IoExecutor Executor ioExecutor,
-			KeyManager keyManager, StreamReaderFactory streamReaderFactory,
-			StreamWriterFactory streamWriterFactory,
-			SyncSessionFactory syncSessionFactory,
-			HandshakeManager handshakeManager,
-			ContactExchangeManager contactExchangeManager,
-			ConnectionRegistry connectionRegistry) {
-		this.ioExecutor = ioExecutor;
-		this.keyManager = keyManager;
-		this.streamReaderFactory = streamReaderFactory;
-		this.streamWriterFactory = streamWriterFactory;
-		this.syncSessionFactory = syncSessionFactory;
-		this.handshakeManager = handshakeManager;
-		this.contactExchangeManager = contactExchangeManager;
-		this.connectionRegistry = connectionRegistry;
-	}
-
-	@Override
-	public void manageIncomingConnection(TransportId t,
-			TransportConnectionReader r) {
-		ioExecutor.execute(new ManageIncomingSimplexConnection(t, r));
-	}
-
-	@Override
-	public void manageIncomingConnection(TransportId t,
-			DuplexTransportConnection d) {
-		ioExecutor.execute(new ManageIncomingDuplexConnection(t, d));
-	}
-
-	@Override
-	public void manageIncomingConnection(PendingContactId p, TransportId t,
-			DuplexTransportConnection d) {
-		ioExecutor.execute(new ManageIncomingHandshakeConnection(p, t, d));
-	}
-
-	@Override
-	public void manageOutgoingConnection(ContactId c, TransportId t,
-			TransportConnectionWriter w) {
-		ioExecutor.execute(new ManageOutgoingSimplexConnection(c, t, w));
-	}
-
-	@Override
-	public void manageOutgoingConnection(ContactId c, TransportId t,
-			DuplexTransportConnection d) {
-		ioExecutor.execute(new ManageOutgoingDuplexConnection(c, t, d));
-	}
-
-	@Override
-	public void manageOutgoingConnection(PendingContactId p, TransportId t,
-			DuplexTransportConnection d) {
-		ioExecutor.execute(new ManageOutgoingHandshakeConnection(p, t, d));
-	}
-
-	private byte[] readTag(InputStream in) throws IOException {
-		byte[] tag = new byte[TAG_LENGTH];
-		read(in, tag);
-		return tag;
-	}
-
-	private SyncSession createIncomingSession(StreamContext ctx,
-			TransportConnectionReader r) throws IOException {
-		InputStream streamReader = streamReaderFactory.createStreamReader(
-				r.getInputStream(), ctx);
-		ContactId c = requireNonNull(ctx.getContactId());
-		return syncSessionFactory.createIncomingSession(c, streamReader);
-	}
-
-	private SyncSession createSimplexOutgoingSession(StreamContext ctx,
-			TransportConnectionWriter w) throws IOException {
-		StreamWriter streamWriter = streamWriterFactory.createStreamWriter(
-				w.getOutputStream(), ctx);
-		ContactId c = requireNonNull(ctx.getContactId());
-		return syncSessionFactory.createSimplexOutgoingSession(c,
-				w.getMaxLatency(), streamWriter);
-	}
-
-	private SyncSession createDuplexOutgoingSession(StreamContext ctx,
-			TransportConnectionWriter w) throws IOException {
-		StreamWriter streamWriter = streamWriterFactory.createStreamWriter(
-				w.getOutputStream(), ctx);
-		ContactId c = requireNonNull(ctx.getContactId());
-		return syncSessionFactory.createDuplexOutgoingSession(c,
-				w.getMaxLatency(), w.getMaxIdleTime(), streamWriter);
-	}
-
-	private void disposeOnError(TransportConnectionReader reader,
-			boolean recognised) {
-		try {
-			reader.dispose(true, recognised);
-		} catch (IOException e) {
-			logException(LOG, WARNING, e);
-		}
-	}
-
-	private void disposeOnError(TransportConnectionWriter writer) {
-		try {
-			writer.dispose(true);
-		} catch (IOException e) {
-			logException(LOG, WARNING, e);
-		}
-	}
-
-	private class ManageIncomingSimplexConnection implements Runnable {
-
-		private final TransportId transportId;
-		private final TransportConnectionReader reader;
-
-		private ManageIncomingSimplexConnection(TransportId transportId,
-				TransportConnectionReader reader) {
-			this.transportId = transportId;
-			this.reader = reader;
-		}
-
-		@Override
-		public void run() {
-			// Read and recognise the tag
-			StreamContext ctx;
-			try {
-				byte[] tag = readTag(reader.getInputStream());
-				ctx = keyManager.getStreamContext(transportId, tag);
-			} catch (IOException | DbException e) {
-				logException(LOG, WARNING, e);
-				onError(false);
-				return;
-			}
-			if (ctx == null) {
-				LOG.info("Unrecognised tag");
-				onError(false);
-				return;
-			}
-			ContactId contactId = ctx.getContactId();
-			if (contactId == null) {
-				LOG.warning("Received rendezvous stream, expected contact");
-				onError(true);
-				return;
-			}
-			if (ctx.isHandshakeMode()) {
-				// TODO: Support handshake mode for contacts
-				LOG.warning("Received handshake tag, expected rotation mode");
-				onError(true);
-				return;
-			}
-			connectionRegistry.registerConnection(contactId, transportId, true);
-			try {
-				// Create and run the incoming session
-				createIncomingSession(ctx, reader).run();
-				reader.dispose(false, true);
-			} catch (IOException e) {
-				logException(LOG, WARNING, e);
-				onError(true);
-			} finally {
-				connectionRegistry.unregisterConnection(contactId, transportId,
-						true);
-			}
-		}
-
-		private void onError(boolean recognised) {
-			disposeOnError(reader, recognised);
-		}
-	}
-
-	private class ManageOutgoingSimplexConnection implements Runnable {
-
-		private final ContactId contactId;
-		private final TransportId transportId;
-		private final TransportConnectionWriter writer;
-
-		private ManageOutgoingSimplexConnection(ContactId contactId,
-				TransportId transportId, TransportConnectionWriter writer) {
-			this.contactId = contactId;
-			this.transportId = transportId;
-			this.writer = writer;
-		}
-
-		@Override
-		public void run() {
-			// Allocate a stream context
-			StreamContext ctx;
-			try {
-				ctx = keyManager.getStreamContext(contactId, transportId);
-			} catch (DbException e) {
-				logException(LOG, WARNING, e);
-				onError();
-				return;
-			}
-			if (ctx == null) {
-				LOG.warning("Could not allocate stream context");
-				onError();
-				return;
-			}
-			connectionRegistry.registerConnection(contactId, transportId,
-					false);
-			try {
-				// Create and run the outgoing session
-				createSimplexOutgoingSession(ctx, writer).run();
-				writer.dispose(false);
-			} catch (IOException e) {
-				logException(LOG, WARNING, e);
-				onError();
-			} finally {
-				connectionRegistry.unregisterConnection(contactId, transportId,
-						false);
-			}
-		}
-
-		private void onError() {
-			disposeOnError(writer);
-		}
-	}
-
-	private class ManageIncomingDuplexConnection implements Runnable {
-
-		private final TransportId transportId;
-		private final TransportConnectionReader reader;
-		private final TransportConnectionWriter writer;
-
-		@Nullable
-		private volatile SyncSession outgoingSession = null;
-
-		private ManageIncomingDuplexConnection(TransportId transportId,
-				DuplexTransportConnection connection) {
-			this.transportId = transportId;
-			reader = connection.getReader();
-			writer = connection.getWriter();
-		}
-
-		@Override
-		public void run() {
-			// Read and recognise the tag
-			StreamContext ctx;
-			try {
-				byte[] tag = readTag(reader.getInputStream());
-				ctx = keyManager.getStreamContext(transportId, tag);
-			} catch (IOException | DbException e) {
-				logException(LOG, WARNING, e);
-				onReadError(false);
-				return;
-			}
-			if (ctx == null) {
-				LOG.info("Unrecognised tag");
-				onReadError(false);
-				return;
-			}
-			ContactId contactId = ctx.getContactId();
-			if (contactId == null) {
-				LOG.warning("Expected contact tag, got rendezvous tag");
-				onReadError(true);
-				return;
-			}
-			if (ctx.isHandshakeMode()) {
-				// TODO: Support handshake mode for contacts
-				LOG.warning("Received handshake tag, expected rotation mode");
-				onReadError(true);
-				return;
-			}
-			connectionRegistry.registerConnection(contactId, transportId, true);
-			// Start the outgoing session on another thread
-			ioExecutor.execute(() -> runOutgoingSession(contactId));
-			try {
-				// Create and run the incoming session
-				createIncomingSession(ctx, reader).run();
-				reader.dispose(false, true);
-				// Interrupt the outgoing session so it finishes cleanly
-				SyncSession out = outgoingSession;
-				if (out != null) out.interrupt();
-			} catch (IOException e) {
-				logException(LOG, WARNING, e);
-				onReadError(true);
-			} finally {
-				connectionRegistry.unregisterConnection(contactId, transportId,
-						true);
-			}
-		}
-
-		private void runOutgoingSession(ContactId contactId) {
-			// Allocate a stream context
-			StreamContext ctx;
-			try {
-				ctx = keyManager.getStreamContext(contactId, transportId);
-			} catch (DbException e) {
-				logException(LOG, WARNING, e);
-				onWriteError();
-				return;
-			}
-			if (ctx == null) {
-				LOG.warning("Could not allocate stream context");
-				onWriteError();
-				return;
-			}
-			try {
-				// Create and run the outgoing session
-				SyncSession out = createDuplexOutgoingSession(ctx, writer);
-				outgoingSession = out;
-				out.run();
-				writer.dispose(false);
-			} catch (IOException e) {
-				logException(LOG, WARNING, e);
-				onWriteError();
-			}
-		}
-
-		private void onReadError(boolean recognised) {
-			disposeOnError(reader, recognised);
-			disposeOnError(writer);
-			// Interrupt the outgoing session so it finishes
-			SyncSession out = outgoingSession;
-			if (out != null) out.interrupt();
-		}
-
-		private void onWriteError() {
-			disposeOnError(reader, true);
-			disposeOnError(writer);
-		}
-	}
-
-	private class ManageOutgoingDuplexConnection implements Runnable {
-
-		private final ContactId contactId;
-		private final TransportId transportId;
-		private final TransportConnectionReader reader;
-		private final TransportConnectionWriter writer;
-
-		@Nullable
-		private volatile SyncSession outgoingSession = null;
-
-		private ManageOutgoingDuplexConnection(ContactId contactId,
-				TransportId transportId, DuplexTransportConnection connection) {
-			this.contactId = contactId;
-			this.transportId = transportId;
-			reader = connection.getReader();
-			writer = connection.getWriter();
-		}
-
-		@Override
-		public void run() {
-			// Allocate a stream context
-			StreamContext ctx;
-			try {
-				ctx = keyManager.getStreamContext(contactId, transportId);
-			} catch (DbException e) {
-				logException(LOG, WARNING, e);
-				onWriteError();
-				return;
-			}
-			if (ctx == null) {
-				LOG.warning("Could not allocate stream context");
-				onWriteError();
-				return;
-			}
-			if (ctx.isHandshakeMode()) {
-				// TODO: Support handshake mode for contacts
-				LOG.warning("Cannot use handshake mode stream context");
-				onWriteError();
-				return;
-			}
-			// Start the incoming session on another thread
-			ioExecutor.execute(this::runIncomingSession);
-			try {
-				// Create and run the outgoing session
-				SyncSession out = createDuplexOutgoingSession(ctx, writer);
-				outgoingSession = out;
-				out.run();
-				writer.dispose(false);
-			} catch (IOException e) {
-				logException(LOG, WARNING, e);
-				onWriteError();
-			}
-		}
-
-		private void runIncomingSession() {
-			// Read and recognise the tag
-			StreamContext ctx;
-			try {
-				byte[] tag = readTag(reader.getInputStream());
-				ctx = keyManager.getStreamContext(transportId, tag);
-			} catch (IOException | DbException e) {
-				logException(LOG, WARNING, e);
-				onReadError();
-				return;
-			}
-			// Unrecognised tags are suspicious in this case
-			if (ctx == null) {
-				LOG.warning("Unrecognised tag for returning stream");
-				onReadError();
-				return;
-			}
-			// Check that the stream comes from the expected contact
-			ContactId inContactId = ctx.getContactId();
-			if (inContactId == null) {
-				LOG.warning("Expected contact tag, got rendezvous tag");
-				onReadError();
-				return;
-			}
-			if (!contactId.equals(inContactId)) {
-				LOG.warning("Wrong contact ID for returning stream");
-				onReadError();
-				return;
-			}
-			if (ctx.isHandshakeMode()) {
-				// TODO: Support handshake mode for contacts
-				LOG.warning("Received handshake tag, expected rotation mode");
-				onReadError();
-				return;
-			}
-			connectionRegistry.registerConnection(contactId, transportId,
-					false);
-			try {
-				// Create and run the incoming session
-				createIncomingSession(ctx, reader).run();
-				reader.dispose(false, true);
-				// Interrupt the outgoing session so it finishes cleanly
-				SyncSession out = outgoingSession;
-				if (out != null) out.interrupt();
-			} catch (IOException e) {
-				logException(LOG, WARNING, e);
-				onReadError();
-			} finally {
-				connectionRegistry.unregisterConnection(contactId, transportId,
-						false);
-			}
-		}
-
-		private void onReadError() {
-			// 'Recognised' is always true for outgoing connections
-			disposeOnError(reader, true);
-			disposeOnError(writer);
-			// Interrupt the outgoing session so it finishes
-			SyncSession out = outgoingSession;
-			if (out != null) out.interrupt();
-		}
-
-		private void onWriteError() {
-			disposeOnError(reader, true);
-			disposeOnError(writer);
-		}
-	}
-
-	private class ManageIncomingHandshakeConnection implements Runnable {
-
-		private final PendingContactId pendingContactId;
-		private final TransportId transportId;
-		private final DuplexTransportConnection connection;
-		private final TransportConnectionReader reader;
-		private final TransportConnectionWriter writer;
-
-		private ManageIncomingHandshakeConnection(
-				PendingContactId pendingContactId, TransportId transportId,
-				DuplexTransportConnection connection) {
-			this.pendingContactId = pendingContactId;
-			this.transportId = transportId;
-			this.connection = connection;
-			reader = connection.getReader();
-			writer = connection.getWriter();
-		}
-
-		@Override
-		public void run() {
-			// Read and recognise the tag
-			StreamContext ctxIn;
-			try {
-				byte[] tag = readTag(reader.getInputStream());
-				ctxIn = keyManager.getStreamContext(transportId, tag);
-			} catch (IOException | DbException e) {
-				logException(LOG, WARNING, e);
-				onError(false);
-				return;
-			}
-			if (ctxIn == null) {
-				LOG.info("Unrecognised tag");
-				onError(false);
-				return;
-			}
-			PendingContactId inPendingContactId = ctxIn.getPendingContactId();
-			if (inPendingContactId == null) {
-				LOG.warning("Expected rendezvous tag, got contact tag");
-				onError(true);
-				return;
-			}
-			// Allocate the outgoing stream context
-			StreamContext ctxOut;
-			try {
-				ctxOut = keyManager.getStreamContext(pendingContactId,
-						transportId);
-			} catch (DbException e) {
-				logException(LOG, WARNING, e);
-				onError(true);
-				return;
-			}
-			if (ctxOut == null) {
-				LOG.warning("Could not allocate stream context");
-				onError(true);
-				return;
-			}
-			// Close the connection if it's redundant
-			if (!connectionRegistry.registerConnection(pendingContactId)) {
-				LOG.info("Redundant rendezvous connection");
-				onError(true);
-				return;
-			}
-			// Handshake and exchange contacts
-			try {
-				InputStream in = streamReaderFactory.createStreamReader(
-						reader.getInputStream(), ctxIn);
-				// Flush the output stream to send the outgoing stream header
-				StreamWriter out = streamWriterFactory.createStreamWriter(
-						writer.getOutputStream(), ctxOut);
-				out.getOutputStream().flush();
-				HandshakeResult result = handshakeManager.handshake(
-						pendingContactId, in, out);
-				Contact contact = contactExchangeManager.exchangeContacts(
-						pendingContactId, connection, result.getMasterKey(),
-						result.isAlice(), false);
-				connectionRegistry.unregisterConnection(pendingContactId, true);
-				// Reuse the connection as a transport connection
-				manageOutgoingConnection(contact.getId(), transportId,
-						connection);
-			} catch (IOException | DbException e) {
-				logException(LOG, WARNING, e);
-				onError(true);
-				connectionRegistry.unregisterConnection(pendingContactId,
-						false);
-			}
-		}
-
-		private void onError(boolean recognised) {
-			disposeOnError(reader, recognised);
-			disposeOnError(writer);
-		}
-	}
-
-	private class ManageOutgoingHandshakeConnection implements Runnable {
-
-		private final PendingContactId pendingContactId;
-		private final TransportId transportId;
-		private final DuplexTransportConnection connection;
-		private final TransportConnectionReader reader;
-		private final TransportConnectionWriter writer;
-
-		private ManageOutgoingHandshakeConnection(
-				PendingContactId pendingContactId, TransportId transportId,
-				DuplexTransportConnection connection) {
-			this.pendingContactId = pendingContactId;
-			this.transportId = transportId;
-			this.connection = connection;
-			reader = connection.getReader();
-			writer = connection.getWriter();
-		}
-
-		@Override
-		public void run() {
-			// Allocate the outgoing stream context
-			StreamContext ctxOut;
-			try {
-				ctxOut = keyManager.getStreamContext(pendingContactId,
-						transportId);
-			} catch (DbException e) {
-				logException(LOG, WARNING, e);
-				onError();
-				return;
-			}
-			if (ctxOut == null) {
-				LOG.warning("Could not allocate stream context");
-				onError();
-				return;
-			}
-			// Flush the output stream to send the outgoing stream header
-			StreamWriter out;
-			try {
-				out = streamWriterFactory.createStreamWriter(
-						writer.getOutputStream(), ctxOut);
-				out.getOutputStream().flush();
-			} catch (IOException e) {
-				logException(LOG, WARNING, e);
-				onError();
-				return;
-			}
-			// Read and recognise the tag
-			StreamContext ctxIn;
-			try {
-				byte[] tag = readTag(reader.getInputStream());
-				ctxIn = keyManager.getStreamContext(transportId, tag);
-			} catch (IOException | DbException e) {
-				logException(LOG, WARNING, e);
-				onError();
-				return;
-			}
-			// Unrecognised tags are suspicious in this case
-			if (ctxIn == null) {
-				LOG.warning("Unrecognised tag for returning stream");
-				onError();
-				return;
-			}
-			// Check that the stream comes from the expected pending contact
-			PendingContactId inPendingContactId = ctxIn.getPendingContactId();
-			if (inPendingContactId == null) {
-				LOG.warning("Expected rendezvous tag, got contact tag");
-				onError();
-				return;
-			}
-			if (!inPendingContactId.equals(pendingContactId)) {
-				LOG.warning("Wrong pending contact ID for returning stream");
-				onError();
-				return;
-			}
-			// Close the connection if it's redundant
-			if (!connectionRegistry.registerConnection(pendingContactId)) {
-				LOG.info("Redundant rendezvous connection");
-				onError();
-				return;
-			}
-			// Handshake and exchange contacts
-			try {
-				InputStream in = streamReaderFactory.createStreamReader(
-						reader.getInputStream(), ctxIn);
-				HandshakeResult result = handshakeManager.handshake(
-						pendingContactId, in, out);
-				Contact contact = contactExchangeManager.exchangeContacts(
-						pendingContactId, connection, result.getMasterKey(),
-						result.isAlice(), false);
-				connectionRegistry.unregisterConnection(pendingContactId, true);
-				// Reuse the connection as a transport connection
-				manageOutgoingConnection(contact.getId(), transportId,
-						connection);
-			} catch (IOException | DbException e) {
-				logException(LOG, WARNING, e);
-				onError();
-				connectionRegistry.unregisterConnection(pendingContactId,
-						false);
-			}
-		}
-
-		private void onError() {
-			// 'Recognised' is always true for outgoing connections
-			disposeOnError(reader, true);
-			disposeOnError(writer);
-		}
-	}
-}

bramble-core/src/main/java/org/briarproject/bramble/plugin/ConnectionRegistryImpl.java

@@ -1,150 +0,0 @@
-package org.briarproject.bramble.plugin;
-
-import org.briarproject.bramble.api.Multiset;
-import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.contact.PendingContactId;
-import org.briarproject.bramble.api.event.EventBus;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.ConnectionRegistry;
-import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.plugin.event.ConnectionClosedEvent;
-import org.briarproject.bramble.api.plugin.event.ConnectionOpenedEvent;
-import org.briarproject.bramble.api.plugin.event.ContactConnectedEvent;
-import org.briarproject.bramble.api.plugin.event.ContactDisconnectedEvent;
-import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionClosedEvent;
-import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionOpenedEvent;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.logging.Logger;
-
-import javax.annotation.concurrent.GuardedBy;
-import javax.annotation.concurrent.ThreadSafe;
-import javax.inject.Inject;
-
-import static java.util.logging.Level.INFO;
-import static java.util.logging.Logger.getLogger;
-
-@ThreadSafe
-@NotNullByDefault
-class ConnectionRegistryImpl implements ConnectionRegistry {
-
-	private static final Logger LOG =
-			getLogger(ConnectionRegistryImpl.class.getName());
-
-	private final EventBus eventBus;
-
-	private final Object lock = new Object();
-	@GuardedBy("lock")
-	private final Map<TransportId, Multiset<ContactId>> contactConnections;
-	@GuardedBy("lock")
-	private final Multiset<ContactId> contactCounts;
-	@GuardedBy("lock")
-	private final Set<PendingContactId> connectedPendingContacts;
-
-	@Inject
-	ConnectionRegistryImpl(EventBus eventBus) {
-		this.eventBus = eventBus;
-		contactConnections = new HashMap<>();
-		contactCounts = new Multiset<>();
-		connectedPendingContacts = new HashSet<>();
-	}
-
-	@Override
-	public void registerConnection(ContactId c, TransportId t,
-			boolean incoming) {
-		if (LOG.isLoggable(INFO)) {
-			if (incoming) LOG.info("Incoming connection registered: " + t);
-			else LOG.info("Outgoing connection registered: " + t);
-		}
-		boolean firstConnection = false;
-		synchronized (lock) {
-			Multiset<ContactId> m = contactConnections.get(t);
-			if (m == null) {
-				m = new Multiset<>();
-				contactConnections.put(t, m);
-			}
-			m.add(c);
-			if (contactCounts.add(c) == 1) firstConnection = true;
-		}
-		eventBus.broadcast(new ConnectionOpenedEvent(c, t, incoming));
-		if (firstConnection) {
-			LOG.info("Contact connected");
-			eventBus.broadcast(new ContactConnectedEvent(c));
-		}
-	}
-
-	@Override
-	public void unregisterConnection(ContactId c, TransportId t,
-			boolean incoming) {
-		if (LOG.isLoggable(INFO)) {
-			if (incoming) LOG.info("Incoming connection unregistered: " + t);
-			else LOG.info("Outgoing connection unregistered: " + t);
-		}
-		boolean lastConnection = false;
-		synchronized (lock) {
-			Multiset<ContactId> m = contactConnections.get(t);
-			if (m == null || !m.contains(c))
-				throw new IllegalArgumentException();
-			m.remove(c);
-			if (contactCounts.remove(c) == 0) lastConnection = true;
-		}
-		eventBus.broadcast(new ConnectionClosedEvent(c, t, incoming));
-		if (lastConnection) {
-			LOG.info("Contact disconnected");
-			eventBus.broadcast(new ContactDisconnectedEvent(c));
-		}
-	}
-
-	@Override
-	public Collection<ContactId> getConnectedContacts(TransportId t) {
-		synchronized (lock) {
-			Multiset<ContactId> m = contactConnections.get(t);
-			if (m == null) return Collections.emptyList();
-			List<ContactId> ids = new ArrayList<>(m.keySet());
-			if (LOG.isLoggable(INFO))
-				LOG.info(ids.size() + " contacts connected: " + t);
-			return ids;
-		}
-	}
-
-	@Override
-	public boolean isConnected(ContactId c, TransportId t) {
-		synchronized (lock) {
-			Multiset<ContactId> m = contactConnections.get(t);
-			return m != null && m.contains(c);
-		}
-	}
-
-	@Override
-	public boolean isConnected(ContactId c) {
-		synchronized (lock) {
-			return contactCounts.contains(c);
-		}
-	}
-
-	@Override
-	public boolean registerConnection(PendingContactId p) {
-		boolean added;
-		synchronized (lock) {
-			added = connectedPendingContacts.add(p);
-		}
-		if (added) eventBus.broadcast(new RendezvousConnectionOpenedEvent(p));
-		return added;
-	}
-
-	@Override
-	public void unregisterConnection(PendingContactId p, boolean success) {
-		synchronized (lock) {
-			if (!connectedPendingContacts.remove(p))
-				throw new IllegalArgumentException();
-		}
-		eventBus.broadcast(new RendezvousConnectionClosedEvent(p, success));
-	}
-}

bramble-core/src/main/java/org/briarproject/bramble/plugin/PluginManagerImpl.java

@@ -1,13 +1,14 @@
 package org.briarproject.bramble.plugin;
 
+import org.briarproject.bramble.api.connection.ConnectionManager;
 import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.lifecycle.IoExecutor;
 import org.briarproject.bramble.api.lifecycle.Service;
 import org.briarproject.bramble.api.lifecycle.ServiceException;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.ConnectionManager;
 import org.briarproject.bramble.api.plugin.Plugin;
+import org.briarproject.bramble.api.plugin.Plugin.State;
 import org.briarproject.bramble.api.plugin.PluginCallback;
 import org.briarproject.bramble.api.plugin.PluginConfig;
 import org.briarproject.bramble.api.plugin.PluginException;
@@ -18,8 +19,9 @@ import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPlugin;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPluginFactory;
 import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
-import org.briarproject.bramble.api.plugin.event.TransportDisabledEvent;
+import org.briarproject.bramble.api.plugin.event.TransportActiveEvent;
-import org.briarproject.bramble.api.plugin.event.TransportEnabledEvent;
+import org.briarproject.bramble.api.plugin.event.TransportInactiveEvent;
+import org.briarproject.bramble.api.plugin.event.TransportStateEvent;
 import org.briarproject.bramble.api.plugin.simplex.SimplexPlugin;
 import org.briarproject.bramble.api.plugin.simplex.SimplexPluginFactory;
 import org.briarproject.bramble.api.properties.TransportProperties;
@@ -36,6 +38,7 @@ import java.util.concurrent.CopyOnWriteArrayList;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.Executor;
 import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.concurrent.atomic.AtomicReference;
 import java.util.logging.Logger;
 
 import javax.annotation.concurrent.ThreadSafe;
@@ -45,6 +48,9 @@ import static java.util.logging.Level.FINE;
 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
 import static java.util.logging.Logger.getLogger;
+import static org.briarproject.bramble.api.plugin.Plugin.PREF_PLUGIN_ENABLE;
+import static org.briarproject.bramble.api.plugin.Plugin.State.ACTIVE;
+import static org.briarproject.bramble.api.plugin.Plugin.State.STARTING_STOPPING;
 import static org.briarproject.bramble.util.LogUtils.logDuration;
 import static org.briarproject.bramble.util.LogUtils.logException;
 import static org.briarproject.bramble.util.LogUtils.now;
@@ -177,6 +183,26 @@ class PluginManagerImpl implements PluginManager, Service {
 		return supported;
 	}
 
+	@Override
+	public void setPluginEnabled(TransportId t, boolean enabled) {
+		Plugin plugin = plugins.get(t);
+		if (plugin == null) return;
+
+		Settings s = new Settings();
+		s.putBoolean(PREF_PLUGIN_ENABLE, enabled);
+		ioExecutor.execute(() -> mergeSettings(s, t.getString()));
+	}
+
+	private void mergeSettings(Settings s, String namespace) {
+		try {
+			long start = now();
+			settingsManager.mergeSettings(s, namespace);
+			logDuration(LOG, "Merging settings", start);
+		} catch (DbException e) {
+			logException(LOG, WARNING, e);
+		}
+	}
+
 	private class PluginStarter implements Runnable {
 
 		private final Plugin plugin;
@@ -250,7 +276,8 @@ class PluginManagerImpl implements PluginManager, Service {
 	private class Callback implements PluginCallback {
 
 		private final TransportId id;
-		private final AtomicBoolean enabled = new AtomicBoolean(false);
+		private final AtomicReference<State> state =
+				new AtomicReference<>(STARTING_STOPPING);
 
 		private Callback(TransportId id) {
 			this.id = id;
@@ -278,11 +305,7 @@ class PluginManagerImpl implements PluginManager, Service {
 
 		@Override
 		public void mergeSettings(Settings s) {
-			try {
+			PluginManagerImpl.this.mergeSettings(s, id.getString());
-				settingsManager.mergeSettings(s, id.getString());
-			} catch (DbException e) {
-				logException(LOG, WARNING, e);
-			}
 		}
 
 		@Override
@@ -295,15 +318,20 @@ class PluginManagerImpl implements PluginManager, Service {
 		}
 
 		@Override
-		public void transportEnabled() {
+		public void pluginStateChanged(State newState) {
-			if (!enabled.getAndSet(true))
+			State oldState = state.getAndSet(newState);
-				eventBus.broadcast(new TransportEnabledEvent(id));
+			if (newState != oldState) {
-		}
+				if (LOG.isLoggable(INFO)) {
-
+					LOG.info(id + " changed from state " + oldState
-		@Override
+							+ " to " + newState);
-		public void transportDisabled() {
+				}
-			if (enabled.getAndSet(false))
+				eventBus.broadcast(new TransportStateEvent(id, newState));
-				eventBus.broadcast(new TransportDisabledEvent(id));
+				if (newState == ACTIVE) {
+					eventBus.broadcast(new TransportActiveEvent(id));
+				} else if (oldState == ACTIVE) {
+					eventBus.broadcast(new TransportInactiveEvent(id));
+				}
+			}
 		}
 
 		@Override

bramble-core/src/main/java/org/briarproject/bramble/plugin/PluginModule.java

@@ -3,8 +3,6 @@ package org.briarproject.bramble.plugin;
 import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.lifecycle.LifecycleManager;
 import org.briarproject.bramble.api.plugin.BackoffFactory;
-import org.briarproject.bramble.api.plugin.ConnectionManager;
-import org.briarproject.bramble.api.plugin.ConnectionRegistry;
 import org.briarproject.bramble.api.plugin.PluginConfig;
 import org.briarproject.bramble.api.plugin.PluginManager;
 
@@ -29,20 +27,6 @@ public class PluginModule {
 		return new BackoffFactoryImpl();
 	}
 
-	@Provides
-	@Singleton
-	ConnectionManager provideConnectionManager(
-			ConnectionManagerImpl connectionManager) {
-		return connectionManager;
-	}
-
-	@Provides
-	@Singleton
-	ConnectionRegistry provideConnectionRegistry(
-			ConnectionRegistryImpl connectionRegistry) {
-		return connectionRegistry;
-	}
-
 	@Provides
 	@Singleton
 	PluginManager providePluginManager(LifecycleManager lifecycleManager,

bramble-core/src/main/java/org/briarproject/bramble/plugin/PollerImpl.java

@@ -1,6 +1,8 @@
 package org.briarproject.bramble.plugin;
 
 import org.briarproject.bramble.api.Pair;
+import org.briarproject.bramble.api.connection.ConnectionManager;
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.contact.event.ContactAddedEvent;
 import org.briarproject.bramble.api.db.DbException;
@@ -9,8 +11,6 @@ import org.briarproject.bramble.api.event.EventListener;
 import org.briarproject.bramble.api.lifecycle.IoExecutor;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.ConnectionHandler;
-import org.briarproject.bramble.api.plugin.ConnectionManager;
-import org.briarproject.bramble.api.plugin.ConnectionRegistry;
 import org.briarproject.bramble.api.plugin.Plugin;
 import org.briarproject.bramble.api.plugin.PluginManager;
 import org.briarproject.bramble.api.plugin.TransportConnectionReader;
@@ -20,8 +20,8 @@ import org.briarproject.bramble.api.plugin.duplex.DuplexPlugin;
 import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
 import org.briarproject.bramble.api.plugin.event.ConnectionClosedEvent;
 import org.briarproject.bramble.api.plugin.event.ConnectionOpenedEvent;
-import org.briarproject.bramble.api.plugin.event.TransportDisabledEvent;
+import org.briarproject.bramble.api.plugin.event.TransportActiveEvent;
-import org.briarproject.bramble.api.plugin.event.TransportEnabledEvent;
+import org.briarproject.bramble.api.plugin.event.TransportInactiveEvent;
 import org.briarproject.bramble.api.plugin.simplex.SimplexPlugin;
 import org.briarproject.bramble.api.properties.TransportProperties;
 import org.briarproject.bramble.api.properties.TransportPropertyManager;
@@ -98,21 +98,21 @@ class PollerImpl implements Poller, EventListener {
 			ConnectionClosedEvent c = (ConnectionClosedEvent) e;
 			// Reschedule polling, the polling interval may have decreased
 			reschedule(c.getTransportId());
-			if (!c.isIncoming()) {
+			// If an outgoing connection failed, try to reconnect
-				// Connect to the disconnected contact
+			if (!c.isIncoming() && c.isException()) {
 				connectToContact(c.getContactId(), c.getTransportId());
 			}
 		} else if (e instanceof ConnectionOpenedEvent) {
 			ConnectionOpenedEvent c = (ConnectionOpenedEvent) e;
 			// Reschedule polling, the polling interval may have decreased
 			reschedule(c.getTransportId());
-		} else if (e instanceof TransportEnabledEvent) {
+		} else if (e instanceof TransportActiveEvent) {
-			TransportEnabledEvent t = (TransportEnabledEvent) e;
+			TransportActiveEvent t = (TransportActiveEvent) e;
-			// Poll the newly enabled transport
+			// Poll the newly activated transport
 			pollNow(t.getTransportId());
-		} else if (e instanceof TransportDisabledEvent) {
+		} else if (e instanceof TransportInactiveEvent) {
-			TransportDisabledEvent t = (TransportDisabledEvent) e;
+			TransportInactiveEvent t = (TransportInactiveEvent) e;
-			// Cancel polling for the disabled transport
+			// Cancel polling for the deactivated transport
 			cancel(t.getTransportId());
 		}
 	}
@@ -215,7 +215,7 @@ class PollerImpl implements Poller, EventListener {
 			Map<ContactId, TransportProperties> remote =
 					transportPropertyManager.getRemoteProperties(t);
 			Collection<ContactId> connected =
-					connectionRegistry.getConnectedContacts(t);
+					connectionRegistry.getConnectedOrBetterContacts(t);
 			Collection<Pair<TransportProperties, ConnectionHandler>>
 					properties = new ArrayList<>();
 			for (Entry<ContactId, TransportProperties> e : remote.entrySet()) {

bramble-core/src/main/java/org/briarproject/bramble/plugin/bluetooth/BluetoothConnectionLimiter.java

@@ -23,17 +23,9 @@ interface BluetoothConnectionLimiter {
 	boolean canOpenContactConnection();
 
 	/**
-	 * Informs the limiter that a contact connection has been opened. The
+	 * Informs the limiter that the given connection has been opened.
-	 * limiter may close the new connection if key agreement is in progress.
-	 * <p/>
-	 * Returns false if the limiter has closed the new connection.
 	 */
-	boolean contactConnectionOpened(DuplexTransportConnection conn);
+	void connectionOpened(DuplexTransportConnection conn);
-
-	/**
-	 * Informs the limiter that a key agreement connection has been opened.
-	 */
-	void keyAgreementConnectionOpened(DuplexTransportConnection conn);
 
 	/**
 	 * Informs the limiter that the given connection has been closed.

bramble-core/src/main/java/org/briarproject/bramble/plugin/bluetooth/BluetoothConnectionLimiterImpl.java

@@ -1,46 +1,48 @@
 package org.briarproject.bramble.plugin.bluetooth;
 
+import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.sync.event.CloseSyncConnectionsEvent;
 
-import java.io.IOException;
-import java.util.ArrayList;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.logging.Logger;
 
+import javax.annotation.concurrent.GuardedBy;
 import javax.annotation.concurrent.ThreadSafe;
 
 import static java.util.logging.Level.INFO;
-import static java.util.logging.Level.WARNING;
+import static java.util.logging.Logger.getLogger;
-import static org.briarproject.bramble.util.LogUtils.logException;
+import static org.briarproject.bramble.api.plugin.BluetoothConstants.ID;
 
 @NotNullByDefault
 @ThreadSafe
 class BluetoothConnectionLimiterImpl implements BluetoothConnectionLimiter {
 
 	private static final Logger LOG =
-			Logger.getLogger(BluetoothConnectionLimiterImpl.class.getName());
+			getLogger(BluetoothConnectionLimiterImpl.class.getName());
+
+	private final EventBus eventBus;
 
 	private final Object lock = new Object();
-	// The following are locking: lock
+	@GuardedBy("lock")
-	private final LinkedList<DuplexTransportConnection> connections =
+	private final List<DuplexTransportConnection> connections =
 			new LinkedList<>();
+	@GuardedBy("lock")
 	private boolean keyAgreementInProgress = false;
 
+	BluetoothConnectionLimiterImpl(EventBus eventBus) {
+		this.eventBus = eventBus;
+	}
+
 	@Override
 	public void keyAgreementStarted() {
-		List<DuplexTransportConnection> close;
 		synchronized (lock) {
 			keyAgreementInProgress = true;
-			close = new ArrayList<>(connections);
-			connections.clear();
 		}
-		if (LOG.isLoggable(INFO)) {
+		LOG.info("Key agreement started");
-			LOG.info("Key agreement started, closing " + close.size() +
+		eventBus.broadcast(new CloseSyncConnectionsEvent(ID));
-					" connections");
-		}
-		for (DuplexTransportConnection conn : close) tryToClose(conn);
 	}
 
 	@Override
@@ -65,35 +67,12 @@ class BluetoothConnectionLimiterImpl implements BluetoothConnectionLimiter {
 	}
 
 	@Override
-	public boolean contactConnectionOpened(DuplexTransportConnection conn) {
+	public void connectionOpened(DuplexTransportConnection conn) {
-		boolean accept = true;
 		synchronized (lock) {
-			if (keyAgreementInProgress) {
-				LOG.info("Refusing contact connection during key agreement");
-				accept = false;
-			} else {
-				LOG.info("Accepting contact connection");
-				connections.add(conn);
-			}
-		}
-		if (!accept) tryToClose(conn);
-		return accept;
-	}
-
-	@Override
-	public void keyAgreementConnectionOpened(DuplexTransportConnection conn) {
-		synchronized (lock) {
-			LOG.info("Accepting key agreement connection");
 			connections.add(conn);
-		}
+			if (LOG.isLoggable(INFO)) {
-	}
+				LOG.info("Connection opened, " + connections.size() + " open");
-
+			}
-	private void tryToClose(DuplexTransportConnection conn) {
-		try {
-			conn.getWriter().dispose(false);
-			conn.getReader().dispose(false, false);
-		} catch (IOException e) {
-			logException(LOG, WARNING, e);
 		}
 	}
 
@@ -101,8 +80,9 @@ class BluetoothConnectionLimiterImpl implements BluetoothConnectionLimiter {
 	public void connectionClosed(DuplexTransportConnection conn) {
 		synchronized (lock) {
 			connections.remove(conn);
-			if (LOG.isLoggable(INFO))
+			if (LOG.isLoggable(INFO)) {
 				LOG.info("Connection closed, " + connections.size() + " open");
+			}
 		}
 	}
 

bramble-core/src/main/java/org/briarproject/bramble/plugin/bluetooth/BluetoothPlugin.java

@@ -5,11 +5,14 @@ import org.briarproject.bramble.api.Pair;
 import org.briarproject.bramble.api.data.BdfList;
 import org.briarproject.bramble.api.event.Event;
 import org.briarproject.bramble.api.event.EventListener;
+import org.briarproject.bramble.api.io.TimeoutMonitor;
 import org.briarproject.bramble.api.keyagreement.KeyAgreementConnection;
 import org.briarproject.bramble.api.keyagreement.KeyAgreementListener;
 import org.briarproject.bramble.api.keyagreement.event.KeyAgreementListeningEvent;
 import org.briarproject.bramble.api.keyagreement.event.KeyAgreementStoppedListeningEvent;
+import org.briarproject.bramble.api.lifecycle.IoExecutor;
 import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.ConnectionHandler;
@@ -36,16 +39,21 @@ import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.logging.Logger;
 
 import javax.annotation.Nullable;
+import javax.annotation.concurrent.GuardedBy;
+import javax.annotation.concurrent.ThreadSafe;
 
 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
 import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.TRANSPORT_ID_BLUETOOTH;
 import static org.briarproject.bramble.api.plugin.BluetoothConstants.ID;
-import static org.briarproject.bramble.api.plugin.BluetoothConstants.PREF_BT_ENABLE;
 import static org.briarproject.bramble.api.plugin.BluetoothConstants.PROP_ADDRESS;
 import static org.briarproject.bramble.api.plugin.BluetoothConstants.PROP_UUID;
 import static org.briarproject.bramble.api.plugin.BluetoothConstants.UUID_BYTES;
+import static org.briarproject.bramble.api.plugin.Plugin.State.ACTIVE;
+import static org.briarproject.bramble.api.plugin.Plugin.State.DISABLED;
+import static org.briarproject.bramble.api.plugin.Plugin.State.INACTIVE;
+import static org.briarproject.bramble.api.plugin.Plugin.State.STARTING_STOPPING;
 import static org.briarproject.bramble.util.LogUtils.logException;
 import static org.briarproject.bramble.util.PrivacyUtils.scrubMacAddress;
 import static org.briarproject.bramble.util.StringUtils.isNullOrEmpty;
@@ -60,17 +68,18 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 			getLogger(BluetoothPlugin.class.getName());
 
 	final BluetoothConnectionLimiter connectionLimiter;
+	final TimeoutMonitor timeoutMonitor;
 
 	private final Executor ioExecutor;
 	private final SecureRandom secureRandom;
 	private final Backoff backoff;
 	private final PluginCallback callback;
-	private final int maxLatency;
+	private final int maxLatency, maxIdleTime;
 	private final AtomicBoolean used = new AtomicBoolean(false);
 
-	private volatile boolean running = false, contactConnections = false;
+	protected final PluginState state = new PluginState();
+
 	private volatile String contactConnectionsUuid = null;
-	private volatile SS socket = null;
 
 	abstract void initialiseAdapter() throws IOException;
 
@@ -105,28 +114,35 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 	abstract DuplexTransportConnection discoverAndConnect(String uuid);
 
 	BluetoothPlugin(BluetoothConnectionLimiter connectionLimiter,
-			Executor ioExecutor, SecureRandom secureRandom,
+			TimeoutMonitor timeoutMonitor, Executor ioExecutor,
-			Backoff backoff, PluginCallback callback, int maxLatency) {
+			SecureRandom secureRandom, Backoff backoff,
+			PluginCallback callback, int maxLatency, int maxIdleTime) {
 		this.connectionLimiter = connectionLimiter;
+		this.timeoutMonitor = timeoutMonitor;
 		this.ioExecutor = ioExecutor;
 		this.secureRandom = secureRandom;
 		this.backoff = backoff;
 		this.callback = callback;
 		this.maxLatency = maxLatency;
+		this.maxIdleTime = maxIdleTime;
 	}
 
 	void onAdapterEnabled() {
 		LOG.info("Bluetooth enabled");
 		// We may not have been able to get the local address before
 		ioExecutor.execute(this::updateProperties);
-		if (shouldAllowContactConnections()) bind();
+		if (getState() == INACTIVE) bind();
 	}
 
 	void onAdapterDisabled() {
 		LOG.info("Bluetooth disabled");
-		tryToClose(socket);
 		connectionLimiter.allConnectionsClosed();
-		callback.transportDisabled();
+		// The server socket may not have been closed automatically
+		SS ss = state.clearServerSocket();
+		if (ss != null) {
+			LOG.info("Closing server socket");
+			tryToClose(ss);
+		}
 	}
 
 	@Override
@@ -141,38 +157,30 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 
 	@Override
 	public int getMaxIdleTime() {
-		// Bluetooth detects dead connections so we don't need keepalives
+		return maxIdleTime;
-		return Integer.MAX_VALUE;
 	}
 
 	@Override
 	public void start() throws PluginException {
 		if (used.getAndSet(true)) throw new IllegalStateException();
+		Settings settings = callback.getSettings();
+		boolean enabledByUser = settings.getBoolean(PREF_PLUGIN_ENABLE, false);
+		state.setStarted(enabledByUser);
 		try {
 			initialiseAdapter();
 		} catch (IOException e) {
 			throw new PluginException(e);
 		}
 		updateProperties();
-		running = true;
+		if (enabledByUser) {
-		loadSettings(callback.getSettings());
-		if (shouldAllowContactConnections()) {
 			if (isAdapterEnabled()) bind();
 			else enableAdapter();
 		}
 	}
 
-	private void loadSettings(Settings settings) {
-		contactConnections = settings.getBoolean(PREF_BT_ENABLE, false);
-	}
-
-	private boolean shouldAllowContactConnections() {
-		return contactConnections;
-	}
-
 	private void bind() {
 		ioExecutor.execute(() -> {
-			if (!isRunning() || !shouldAllowContactConnections()) return;
+			if (getState() != INACTIVE) return;
 			// Bind a server socket to accept connections from contacts
 			SS ss;
 			try {
@@ -181,14 +189,13 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 				logException(LOG, WARNING, e);
 				return;
 			}
-			if (!isRunning() || !shouldAllowContactConnections()) {
+			if (!state.setServerSocket(ss)) {
+				LOG.info("Closing redundant server socket");
 				tryToClose(ss);
 				return;
 			}
-			socket = ss;
 			backoff.reset();
-			callback.transportEnabled();
+			acceptContactConnections(ss);
-			acceptContactConnections();
 		});
 	}
 
@@ -217,34 +224,39 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 		if (changed) callback.mergeLocalProperties(p);
 	}
 
-	private void acceptContactConnections() {
+	private void acceptContactConnections(SS ss) {
 		while (true) {
 			DuplexTransportConnection conn;
 			try {
-				conn = acceptConnection(socket);
+				conn = acceptConnection(ss);
 			} catch (IOException e) {
-				// This is expected when the socket is closed
+				// This is expected when the server socket is closed
-				if (LOG.isLoggable(INFO)) LOG.info(e.toString());
+				LOG.info("Server socket closed");
+				state.clearServerSocket();
 				return;
 			}
+			LOG.info("Connection received");
+			connectionLimiter.connectionOpened(conn);
 			backoff.reset();
-			if (connectionLimiter.contactConnectionOpened(conn))
+			callback.handleConnection(conn);
-				callback.handleConnection(conn);
-			if (!running) return;
 		}
 	}
 
 	@Override
 	public void stop() {
-		running = false;
+		SS ss = state.setStopped();
-		tryToClose(socket);
+		tryToClose(ss);
-		callback.transportDisabled();
 		disableAdapterIfEnabledByUs();
 	}
 
 	@Override
-	public boolean isRunning() {
+	public State getState() {
-		return running && isAdapterEnabled();
+		return state.getState();
+	}
+
+	@Override
+	public int getReasonsDisabled() {
+		return state.getReasonsDisabled();
 	}
 
 	@Override
@@ -260,7 +272,7 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 	@Override
 	public void poll(Collection<Pair<TransportProperties, ConnectionHandler>>
 			properties) {
-		if (!isRunning() || !shouldAllowContactConnections()) return;
+		if (getState() != ACTIVE) return;
 		backoff.increment();
 		for (Pair<TransportProperties, ConnectionHandler> p : properties) {
 			connect(p.getFirst(), p.getSecond());
@@ -273,13 +285,10 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 		String uuid = p.get(PROP_UUID);
 		if (isNullOrEmpty(uuid)) return;
 		ioExecutor.execute(() -> {
-			if (!isRunning() || !shouldAllowContactConnections()) return;
-			if (!connectionLimiter.canOpenContactConnection()) return;
 			DuplexTransportConnection d = createConnection(p);
 			if (d != null) {
 				backoff.reset();
-				if (connectionLimiter.contactConnectionOpened(d))
+				h.handleConnection(d);
-					h.handleConnection(d);
 			}
 		});
 	}
@@ -317,16 +326,15 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 
 	@Override
 	public DuplexTransportConnection createConnection(TransportProperties p) {
-		if (!isRunning() || !shouldAllowContactConnections()) return null;
+		if (getState() != ACTIVE) return null;
 		if (!connectionLimiter.canOpenContactConnection()) return null;
 		String address = p.get(PROP_ADDRESS);
 		if (isNullOrEmpty(address)) return null;
 		String uuid = p.get(PROP_UUID);
 		if (isNullOrEmpty(uuid)) return null;
 		DuplexTransportConnection conn = connect(address, uuid);
-		if (conn == null) return null;
+		if (conn != null) connectionLimiter.connectionOpened(conn);
-		// TODO: Why don't we reset the backoff here?
+		return conn;
-		return connectionLimiter.contactConnectionOpened(conn) ? conn : null;
 	}
 
 	@Override
@@ -336,7 +344,7 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 
 	@Override
 	public KeyAgreementListener createKeyAgreementListener(byte[] commitment) {
-		if (!isRunning()) return null;
+		if (getState() != ACTIVE) return null;
 		// No truncation necessary because COMMIT_LENGTH = 16
 		String uuid = UUID.nameUUIDFromBytes(commitment).toString();
 		if (LOG.isLoggable(INFO)) LOG.info("Key agreement UUID " + uuid);
@@ -348,7 +356,7 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 			logException(LOG, WARNING, e);
 			return null;
 		}
-		if (!isRunning()) {
+		if (getState() != ACTIVE) {
 			tryToClose(ss);
 			return null;
 		}
@@ -362,7 +370,7 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 	@Override
 	public DuplexTransportConnection createKeyAgreementConnection(
 			byte[] commitment, BdfList descriptor) {
-		if (!isRunning()) return null;
+		if (getState() != ACTIVE) return null;
 		// No truncation necessary because COMMIT_LENGTH = 16
 		String uuid = UUID.nameUUIDFromBytes(commitment).toString();
 		DuplexTransportConnection conn;
@@ -382,7 +390,7 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 				LOG.info("Connecting to key agreement UUID " + uuid);
 			conn = connect(address, uuid);
 		}
-		if (conn != null) connectionLimiter.keyAgreementConnectionOpened(conn);
+		if (conn != null) connectionLimiter.connectionOpened(conn);
 		return conn;
 	}
 
@@ -422,17 +430,17 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 		}
 	}
 
+	@IoExecutor
 	private void onSettingsUpdated(Settings settings) {
-		boolean wasAllowed = shouldAllowContactConnections();
+		boolean enabledByUser = settings.getBoolean(PREF_PLUGIN_ENABLE, false);
-		loadSettings(settings);
+		SS ss = state.setEnabledByUser(enabledByUser);
-		boolean isAllowed = shouldAllowContactConnections();
+		State s = getState();
-		if (wasAllowed && !isAllowed) {
+		if (ss != null) {
-			LOG.info("Contact connections disabled");
+			LOG.info("Disabled by user, closing server socket");
-			tryToClose(socket);
+			tryToClose(ss);
-			callback.transportDisabled();
 			disableAdapterIfEnabledByUs();
-		} else if (!wasAllowed && isAllowed) {
+		} else if (s == INACTIVE) {
-			LOG.info("Contact connections enabled");
+			LOG.info("Enabled by user, opening server socket");
 			if (isAdapterEnabled()) bind();
 			else enableAdapter();
 		}
@@ -451,7 +459,7 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 		public KeyAgreementConnection accept() throws IOException {
 			DuplexTransportConnection conn = acceptConnection(ss);
 			if (LOG.isLoggable(INFO)) LOG.info(ID + ": Incoming connection");
-			connectionLimiter.keyAgreementConnectionOpened(conn);
+			connectionLimiter.connectionOpened(conn);
 			return new KeyAgreementConnection(conn, ID);
 		}
 
@@ -460,4 +468,70 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 			tryToClose(ss);
 		}
 	}
+
+	@ThreadSafe
+	@NotNullByDefault
+	protected class PluginState {
+
+		@GuardedBy("this")
+		private boolean started = false,
+				stopped = false,
+				enabledByUser = false;
+
+		@GuardedBy("this")
+		@Nullable
+		private SS serverSocket = null;
+
+		synchronized void setStarted(boolean enabledByUser) {
+			started = true;
+			this.enabledByUser = enabledByUser;
+			callback.pluginStateChanged(getState());
+		}
+
+		@Nullable
+		synchronized SS setStopped() {
+			stopped = true;
+			SS ss = serverSocket;
+			serverSocket = null;
+			callback.pluginStateChanged(getState());
+			return ss;
+		}
+
+		@Nullable
+		synchronized SS setEnabledByUser(boolean enabledByUser) {
+			this.enabledByUser = enabledByUser;
+			SS ss = null;
+			if (!enabledByUser) {
+				ss = serverSocket;
+				serverSocket = null;
+			}
+			callback.pluginStateChanged(getState());
+			return ss;
+		}
+
+		synchronized boolean setServerSocket(SS ss) {
+			if (stopped || serverSocket != null) return false;
+			serverSocket = ss;
+			callback.pluginStateChanged(getState());
+			return true;
+		}
+
+		@Nullable
+		synchronized SS clearServerSocket() {
+			SS ss = serverSocket;
+			serverSocket = null;
+			callback.pluginStateChanged(getState());
+			return ss;
+		}
+
+		synchronized State getState() {
+			if (!started || stopped) return STARTING_STOPPING;
+			if (!enabledByUser) return DISABLED;
+			return serverSocket == null ? INACTIVE : ACTIVE;
+		}
+
+		synchronized int getReasonsDisabled() {
+			return getState() == DISABLED ? REASON_USER : 0;
+		}
+	}
 }

bramble-core/src/main/java/org/briarproject/bramble/plugin/file/FilePlugin.java

@@ -16,6 +16,7 @@ import java.util.logging.Logger;
 import static java.util.logging.Level.WARNING;
 import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.api.plugin.FileConstants.PROP_PATH;
+import static org.briarproject.bramble.api.plugin.Plugin.State.ACTIVE;
 import static org.briarproject.bramble.util.LogUtils.logException;
 import static org.briarproject.bramble.util.StringUtils.isNullOrEmpty;
 
@@ -45,7 +46,7 @@ abstract class FilePlugin implements SimplexPlugin {
 
 	@Override
 	public TransportConnectionReader createReader(TransportProperties p) {
-		if (!isRunning()) return null;
+		if (getState() != ACTIVE) return null;
 		String path = p.get(PROP_PATH);
 		if (isNullOrEmpty(path)) return null;
 		try {
@@ -60,7 +61,7 @@ abstract class FilePlugin implements SimplexPlugin {
 
 	@Override
 	public TransportConnectionWriter createWriter(TransportProperties p) {
-		if (!isRunning()) return null;
+		if (getState() != ACTIVE) return null;
 		String path = p.get(PROP_PATH);
 		if (isNullOrEmpty(path)) return null;
 		try {

bramble-core/src/main/java/org/briarproject/bramble/plugin/tcp/LanTcpPlugin.java

@@ -11,22 +11,26 @@ import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
 import org.briarproject.bramble.api.properties.TransportProperties;
 import org.briarproject.bramble.api.settings.Settings;
-import org.briarproject.bramble.util.IoUtils;
 
 import java.io.IOException;
 import java.net.Inet4Address;
+import java.net.Inet6Address;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
+import java.net.InterfaceAddress;
 import java.net.ServerSocket;
 import java.net.Socket;
-import java.net.SocketAddress;
 import java.net.UnknownHostException;
 import java.util.ArrayList;
-import java.util.Comparator;
+import java.util.Deque;
+import java.util.LinkedList;
 import java.util.List;
 import java.util.concurrent.Executor;
 import java.util.logging.Logger;
 
+import javax.annotation.Nullable;
+
+import static java.lang.Integer.parseInt;
 import static java.util.Collections.addAll;
 import static java.util.Collections.emptyList;
 import static java.util.Collections.sort;
@@ -35,27 +39,58 @@ import static java.util.logging.Level.WARNING;
 import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.TRANSPORT_ID_LAN;
 import static org.briarproject.bramble.api.plugin.LanTcpConstants.ID;
+import static org.briarproject.bramble.api.plugin.LanTcpConstants.PREF_IPV6;
 import static org.briarproject.bramble.api.plugin.LanTcpConstants.PREF_LAN_IP_PORTS;
+import static org.briarproject.bramble.api.plugin.LanTcpConstants.PROP_IPV6;
 import static org.briarproject.bramble.api.plugin.LanTcpConstants.PROP_IP_PORTS;
+import static org.briarproject.bramble.api.plugin.LanTcpConstants.PROP_PORT;
+import static org.briarproject.bramble.api.properties.TransportPropertyConstants.MAX_PROPERTY_LENGTH;
 import static org.briarproject.bramble.util.ByteUtils.MAX_16_BIT_UNSIGNED;
+import static org.briarproject.bramble.util.IoUtils.tryToClose;
 import static org.briarproject.bramble.util.PrivacyUtils.scrubSocketAddress;
+import static org.briarproject.bramble.util.StringUtils.fromHexString;
 import static org.briarproject.bramble.util.StringUtils.isNullOrEmpty;
 import static org.briarproject.bramble.util.StringUtils.join;
+import static org.briarproject.bramble.util.StringUtils.toHexString;
+import static org.briarproject.bramble.util.StringUtils.utf8IsTooLong;
 
 @NotNullByDefault
 class LanTcpPlugin extends TcpPlugin {
 
 	private static final Logger LOG = getLogger(LanTcpPlugin.class.getName());
 
-	private static final LanAddressComparator ADDRESS_COMPARATOR =
-			new LanAddressComparator();
-
-	private static final int MAX_ADDRESSES = 4;
 	private static final String SEPARATOR = ",";
 
+	/**
+	 * The IP address of an Android device providing a wifi access point.
+	 * <p>
+	 * Most devices use this address, but at least one device (Honor 8A) may
+	 * use other addresses in the range 192.168.43.0/24.
+	 */
+	private static final InetAddress WIFI_AP_ADDRESS;
+
+	/**
+	 * The IP address of an Android device providing a wifi direct
+	 * legacy mode access point.
+	 */
+	private static final InetAddress WIFI_DIRECT_AP_ADDRESS;
+
+	static {
+		try {
+			WIFI_AP_ADDRESS = InetAddress.getByAddress(
+					new byte[] {(byte) 192, (byte) 168, 43, 1});
+			WIFI_DIRECT_AP_ADDRESS = InetAddress.getByAddress(
+					new byte[] {(byte) 192, (byte) 168, 49, 1});
+		} catch (UnknownHostException e) {
+			// Should only be thrown if the address has an illegal length
+			throw new AssertionError(e);
+		}
+	}
+
 	LanTcpPlugin(Executor ioExecutor, Backoff backoff, PluginCallback callback,
-			int maxLatency, int maxIdleTime) {
+			int maxLatency, int maxIdleTime, int connectionTimeout) {
-		super(ioExecutor, backoff, callback, maxLatency, maxIdleTime);
+		super(ioExecutor, backoff, callback, maxLatency, maxIdleTime,
+				connectionTimeout);
 	}
 
 	@Override
@@ -64,133 +99,228 @@ class LanTcpPlugin extends TcpPlugin {
 	}
 
 	@Override
-	protected List<InetSocketAddress> getLocalSocketAddresses() {
+	public void start() {
-		// Use the same address and port as last time if available
+		if (used.getAndSet(true)) throw new IllegalStateException();
+		initialisePortProperty();
+		Settings settings = callback.getSettings();
+		state.setStarted(settings.getBoolean(PREF_PLUGIN_ENABLE, false));
+		bind();
+	}
+
+	protected void initialisePortProperty() {
 		TransportProperties p = callback.getLocalProperties();
-		String oldIpPorts = p.get(PROP_IP_PORTS);
+		if (isNullOrEmpty(p.get(PROP_PORT))) {
-		List<InetSocketAddress> olds = parseSocketAddresses(oldIpPorts);
+			int port = chooseEphemeralPort();
-		List<InetSocketAddress> locals = new ArrayList<>();
+			p.put(PROP_PORT, String.valueOf(port));
-		for (InetAddress local : getLocalIpAddresses()) {
+			callback.mergeLocalProperties(p);
-			if (isAcceptableAddress(local)) {
-				// If this is the old address, try to use the same port
-				for (InetSocketAddress old : olds) {
-					if (old.getAddress().equals(local))
-						locals.add(new InetSocketAddress(local, old.getPort()));
-				}
-				locals.add(new InetSocketAddress(local, 0));
-			}
 		}
-		sort(locals, ADDRESS_COMPARATOR);
+	}
+
+	@Override
+	protected List<InetSocketAddress> getLocalSocketAddresses(boolean ipv4) {
+		TransportProperties p = callback.getLocalProperties();
+		int preferredPort = parsePortProperty(p.get(PROP_PORT));
+		String oldIpPorts = p.get(PROP_IP_PORTS);
+		List<InetSocketAddress> olds = parseIpv4SocketAddresses(oldIpPorts);
+
+		List<InetSocketAddress> locals = new ArrayList<>();
+		List<InetSocketAddress> fallbacks = new ArrayList<>();
+		for (InetAddress local : getUsableLocalInetAddresses(ipv4)) {
+			// If we've used this address before, try to use the same port
+			int port = preferredPort;
+			for (InetSocketAddress old : olds) {
+				if (old.getAddress().equals(local)) {
+					port = old.getPort();
+					break;
+				}
+			}
+			locals.add(new InetSocketAddress(local, port));
+			// Fall back to any available port
+			fallbacks.add(new InetSocketAddress(local, 0));
+		}
+		locals.addAll(fallbacks);
 		return locals;
 	}
 
-	private List<InetSocketAddress> parseSocketAddresses(String ipPorts) {
+	private int parsePortProperty(@Nullable String portProperty) {
-		if (isNullOrEmpty(ipPorts)) return emptyList();
+		if (isNullOrEmpty(portProperty)) return 0;
-		String[] split = ipPorts.split(SEPARATOR);
+		try {
+			return parseInt(portProperty);
+		} catch (NumberFormatException e) {
+			return 0;
+		}
+	}
+
+	private List<InetSocketAddress> parseIpv4SocketAddresses(String ipPorts) {
 		List<InetSocketAddress> addresses = new ArrayList<>();
-		for (String ipPort : split) {
+		if (isNullOrEmpty(ipPorts)) return addresses;
-			InetSocketAddress a = parseSocketAddress(ipPort);
+		for (String ipPort : ipPorts.split(SEPARATOR)) {
+			InetSocketAddress a = parseIpv4SocketAddress(ipPort);
 			if (a != null) addresses.add(a);
 		}
 		return addresses;
 	}
 
+	protected List<InetAddress> getUsableLocalInetAddresses(boolean ipv4) {
+		List<InterfaceAddress> ifAddrs =
+				new ArrayList<>(getLocalInterfaceAddresses());
+		// Prefer longer network prefixes
+		sort(ifAddrs, (a, b) ->
+				b.getNetworkPrefixLength() - a.getNetworkPrefixLength());
+		List<InetAddress> addrs = new ArrayList<>();
+		for (InterfaceAddress ifAddr : ifAddrs) {
+			InetAddress addr = ifAddr.getAddress();
+			if (isAcceptableAddress(addr, ipv4)) addrs.add(addr);
+		}
+		return addrs;
+	}
+
 	@Override
-	protected void setLocalSocketAddress(InetSocketAddress a) {
+	protected void setLocalSocketAddress(InetSocketAddress a, boolean ipv4) {
+		if (ipv4) setLocalIpv4SocketAddress(a);
+		else setLocalIpv6SocketAddress(a);
+	}
+
+	private void setLocalIpv4SocketAddress(InetSocketAddress a) {
 		String ipPort = getIpPortString(a);
+		updateRecentAddresses(PREF_LAN_IP_PORTS, PROP_IP_PORTS, ipPort);
+	}
+
+	private void setLocalIpv6SocketAddress(InetSocketAddress a) {
+		String hex = toHexString(a.getAddress().getAddress());
+		updateRecentAddresses(PREF_IPV6, PROP_IPV6, hex);
+	}
+
+	private void updateRecentAddresses(String settingKey, String propertyKey,
+			String item) {
 		// Get the list of recently used addresses
-		String setting = callback.getSettings().get(PREF_LAN_IP_PORTS);
+		String setting = callback.getSettings().get(settingKey);
-		List<String> recent = new ArrayList<>();
+		Deque<String> recent = new LinkedList<>();
-		if (!isNullOrEmpty(setting))
+		if (!isNullOrEmpty(setting)) {
 			addAll(recent, setting.split(SEPARATOR));
-		// Is the address already in the list?
+		}
-		if (recent.remove(ipPort)) {
+		if (recent.remove(item)) {
-			// Move the address to the start of the list
+			// Move the item to the start of the list
-			recent.add(0, ipPort);
+			recent.addFirst(item);
 			setting = join(recent, SEPARATOR);
 		} else {
-			// Add the address to the start of the list
+			// Add the item to the start of the list
-			recent.add(0, ipPort);
+			recent.addFirst(item);
-			// Drop the least recently used address if the list is full
+			// Drop items from the end of the list if it's too long to encode
-			if (recent.size() > MAX_ADDRESSES)
-				recent = recent.subList(0, MAX_ADDRESSES);
 			setting = join(recent, SEPARATOR);
+			while (utf8IsTooLong(setting, MAX_PROPERTY_LENGTH)) {
+				recent.removeLast();
+				setting = join(recent, SEPARATOR);
+			}
 			// Update the list of addresses shared with contacts
-			List<String> shared = new ArrayList<>(recent);
-			sort(shared);
-			String property = join(shared, SEPARATOR);
 			TransportProperties properties = new TransportProperties();
-			properties.put(PROP_IP_PORTS, property);
+			properties.put(propertyKey, setting);
 			callback.mergeLocalProperties(properties);
 		}
 		// Save the setting
 		Settings settings = new Settings();
-		settings.put(PREF_LAN_IP_PORTS, setting);
+		settings.put(settingKey, setting);
 		callback.mergeSettings(settings);
 	}
 
+	protected boolean isIpv6LinkLocalAddress(InetAddress a) {
+		return a instanceof Inet6Address && a.isLinkLocalAddress();
+	}
+
 	@Override
 	protected List<InetSocketAddress> getRemoteSocketAddresses(
-			TransportProperties p) {
+			TransportProperties p, boolean ipv4) {
-		return parseSocketAddresses(p.get(PROP_IP_PORTS));
+		if (ipv4) return getRemoteIpv4SocketAddresses(p);
+		else return getRemoteIpv6SocketAddresses(p);
 	}
 
-	private boolean isAcceptableAddress(InetAddress a) {
+	private List<InetSocketAddress> getRemoteIpv4SocketAddresses(
-		// Accept link-local and site-local IPv4 addresses
+			TransportProperties p) {
-		boolean ipv4 = a instanceof Inet4Address;
+		String ipPorts = p.get(PROP_IP_PORTS);
-		boolean loop = a.isLoopbackAddress();
+		List<InetSocketAddress> remotes = parseIpv4SocketAddresses(ipPorts);
-		boolean link = a.isLinkLocalAddress();
+		int port = parsePortProperty(p.get(PROP_PORT));
-		boolean site = a.isSiteLocalAddress();
+		// If the contact has a preferred port, we can guess their IP:port when
-		return ipv4 && !loop && (link || site);
+		// they're providing a wifi access point
+		if (port != 0) {
+			InetSocketAddress wifiAp =
+					new InetSocketAddress(WIFI_AP_ADDRESS, port);
+			if (!remotes.contains(wifiAp)) remotes.add(wifiAp);
+			InetSocketAddress wifiDirectAp =
+					new InetSocketAddress(WIFI_DIRECT_AP_ADDRESS, port);
+			if (!remotes.contains(wifiDirectAp)) remotes.add(wifiDirectAp);
+		}
+		return remotes;
+	}
+
+	private List<InetSocketAddress> getRemoteIpv6SocketAddresses(
+			TransportProperties p) {
+		List<InetAddress> addrs = parseIpv6Addresses(p.get(PROP_IPV6));
+		int port = parsePortProperty(p.get(PROP_PORT));
+		if (addrs.isEmpty() || port == 0) return emptyList();
+		List<InetSocketAddress> remotes = new ArrayList<>();
+		for (InetAddress addr : addrs) {
+			remotes.add(new InetSocketAddress(addr, port));
+		}
+		return remotes;
+	}
+
+	private List<InetAddress> parseIpv6Addresses(String property) {
+		if (isNullOrEmpty(property)) return emptyList();
+		try {
+			List<InetAddress> addrs = new ArrayList<>();
+			for (String hex : property.split(SEPARATOR)) {
+				byte[] ip = fromHexString(hex);
+				if (ip.length == 16) addrs.add(InetAddress.getByAddress(ip));
+			}
+			return addrs;
+		} catch (IllegalArgumentException | UnknownHostException e) {
+			return emptyList();
+		}
+	}
+
+	private boolean isAcceptableAddress(InetAddress a, boolean ipv4) {
+		if (ipv4) {
+			// Accept link-local and site-local IPv4 addresses
+			boolean isIpv4 = a instanceof Inet4Address;
+			boolean link = a.isLinkLocalAddress();
+			boolean site = a.isSiteLocalAddress();
+			return isIpv4 && (link || site);
+		} else {
+			// Accept link-local IPv6 addresses
+			return isIpv6LinkLocalAddress(a);
+		}
 	}
 
 	@Override
-	protected boolean isConnectable(InetSocketAddress remote) {
+	protected boolean isConnectable(InterfaceAddress local,
+			InetSocketAddress remote) {
 		if (remote.getPort() == 0) return false;
-		if (!isAcceptableAddress(remote.getAddress())) return false;
+		InetAddress remoteAddress = remote.getAddress();
+		boolean ipv4 = local.getAddress() instanceof Inet4Address;
+		if (!isAcceptableAddress(remoteAddress, ipv4)) return false;
 		// Try to determine whether the address is on the same LAN as us
-		if (socket == null) return false;
+		byte[] localIp = local.getAddress().getAddress();
-		byte[] localIp = socket.getInetAddress().getAddress();
 		byte[] remoteIp = remote.getAddress().getAddress();
-		return addressesAreOnSameLan(localIp, remoteIp);
+		int prefixLength = local.getNetworkPrefixLength();
+		return areAddressesInSameNetwork(localIp, remoteIp, prefixLength);
 	}
 
 	// Package access for testing
-	boolean addressesAreOnSameLan(byte[] localIp, byte[] remoteIp) {
+	static boolean areAddressesInSameNetwork(byte[] localIp, byte[] remoteIp,
-		// 10.0.0.0/8
+			int prefixLength) {
-		if (isPrefix10(localIp)) return isPrefix10(remoteIp);
+		if (localIp.length != remoteIp.length) return false;
-		// 172.16.0.0/12
+		// Compare the first prefixLength bits of the addresses
-		if (isPrefix172(localIp)) return isPrefix172(remoteIp);
+		for (int i = 0; i < prefixLength; i++) {
-		// 192.168.0.0/16
+			int byteIndex = i >> 3;
-		if (isPrefix192(localIp)) return isPrefix192(remoteIp);
+			int bitIndex = i & 7; // 0 to 7
-		// Unrecognised prefix - may be compatible
+			int mask = 128 >> bitIndex; // Select the bit at bitIndex
+			if ((localIp[byteIndex] & mask) != (remoteIp[byteIndex] & mask)) {
+				return false; // Addresses differ at bit i
+			}
+		}
 		return true;
 	}
 
-	private static boolean isPrefix10(byte[] ipv4) {
-		return ipv4[0] == 10;
-	}
-
-	private static boolean isPrefix172(byte[] ipv4) {
-		return ipv4[0] == (byte) 172 && (ipv4[1] & 0xF0) == 16;
-	}
-
-	private static boolean isPrefix192(byte[] ipv4) {
-		return ipv4[0] == (byte) 192 && ipv4[1] == (byte) 168;
-	}
-
-	// Returns the prefix length for an RFC 1918 address, or 0 for any other
-	// address
-	private static int getRfc1918PrefixLength(InetAddress addr) {
-		if (!(addr instanceof Inet4Address)) return 0;
-		if (!addr.isSiteLocalAddress()) return 0;
-		byte[] ipv4 = addr.getAddress();
-		if (isPrefix10(ipv4)) return 8;
-		if (isPrefix172(ipv4)) return 12;
-		if (isPrefix192(ipv4)) return 16;
-		return 0;
-	}
-
 	@Override
 	public boolean supportsKeyAgreement() {
 		return true;
@@ -209,10 +339,10 @@ class LanTcpPlugin extends TcpPlugin {
 			} catch (IOException e) {
 				if (LOG.isLoggable(INFO))
 					LOG.info("Failed to bind " + scrubSocketAddress(addr));
-				tryToClose(ss);
+				tryToClose(ss, LOG, WARNING);
 			}
 		}
-		if (ss == null || !ss.isBound()) {
+		if (ss == null) {
 			LOG.info("Could not bind server socket for key agreement");
 			return null;
 		}
@@ -225,10 +355,23 @@ class LanTcpPlugin extends TcpPlugin {
 		return new LanKeyAgreementListener(descriptor, ss);
 	}
 
+	private List<InetSocketAddress> getLocalSocketAddresses() {
+		List<InetSocketAddress> addrs = new ArrayList<>();
+		addrs.addAll(getLocalSocketAddresses(true));
+		addrs.addAll(getLocalSocketAddresses(false));
+		return addrs;
+	}
+
 	@Override
 	public DuplexTransportConnection createKeyAgreementConnection(
 			byte[] commitment, BdfList descriptor) {
-		if (!isRunning()) return null;
+		ServerSocket ss = state.getServerSocket(true);
+		if (ss == null) return null;
+		InterfaceAddress local = getLocalInterfaceAddress(ss.getInetAddress());
+		if (local == null) {
+			LOG.warning("No interface for key agreement server socket");
+			return null;
+		}
 		InetSocketAddress remote;
 		try {
 			remote = parseSocketAddress(descriptor);
@@ -236,12 +379,11 @@ class LanTcpPlugin extends TcpPlugin {
 			LOG.info("Invalid IP/port in key agreement descriptor");
 			return null;
 		}
-		if (!isConnectable(remote)) {
+		if (!isConnectable(local, remote)) {
 			if (LOG.isLoggable(INFO)) {
-				SocketAddress local = socket.getLocalSocketAddress();
 				LOG.info(scrubSocketAddress(remote) +
 						" is not connectable from " +
-						scrubSocketAddress(local));
+						scrubSocketAddress(ss.getLocalSocketAddress()));
 			}
 			return null;
 		}
@@ -249,8 +391,8 @@ class LanTcpPlugin extends TcpPlugin {
 			if (LOG.isLoggable(INFO))
 				LOG.info("Connecting to " + scrubSocketAddress(remote));
 			Socket s = createSocket();
-			s.bind(new InetSocketAddress(socket.getInetAddress(), 0));
+			s.bind(new InetSocketAddress(ss.getInetAddress(), 0));
-			s.connect(remote);
+			s.connect(remote, connectionTimeout);
 			s.setSoTimeout(socketTimeout);
 			if (LOG.isLoggable(INFO))
 				LOG.info("Connected to " + scrubSocketAddress(remote));
@@ -296,22 +438,7 @@ class LanTcpPlugin extends TcpPlugin {
 
 		@Override
 		public void close() {
-			IoUtils.tryToClose(ss, LOG, WARNING);
+			tryToClose(ss, LOG, WARNING);
-		}
-	}
-
-	static class LanAddressComparator implements Comparator<InetSocketAddress> {
-
-		@Override
-		public int compare(InetSocketAddress a, InetSocketAddress b) {
-			// Prefer addresses with non-zero ports
-			int aPort = a.getPort(), bPort = b.getPort();
-			if (aPort > 0 && bPort == 0) return -1;
-			if (aPort == 0 && bPort > 0) return 1;
-			// Prefer addresses with longer RFC 1918 prefixes
-			int aPrefix = getRfc1918PrefixLength(a.getAddress());
-			int bPrefix = getRfc1918PrefixLength(b.getAddress());
-			return bPrefix - aPrefix;
 		}
 	}
 }

bramble-core/src/main/java/org/briarproject/bramble/plugin/tcp/LanTcpPluginFactory.java

@@ -1,5 +1,6 @@
 package org.briarproject.bramble.plugin.tcp;
 
+import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.BackoffFactory;
@@ -18,18 +19,21 @@ import static org.briarproject.bramble.api.plugin.LanTcpConstants.ID;
 @NotNullByDefault
 public class LanTcpPluginFactory implements DuplexPluginFactory {
 
-	private static final int MAX_LATENCY = 30 * 1000; // 30 seconds
+	private static final int MAX_LATENCY = 30_000; // 30 seconds
-	private static final int MAX_IDLE_TIME = 30 * 1000; // 30 seconds
+	private static final int MAX_IDLE_TIME = 30_000; // 30 seconds
-	private static final int MIN_POLLING_INTERVAL = 60 * 1000; // 1 minute
+	private static final int CONNECTION_TIMEOUT = 3_000; // 3 seconds
-	private static final int MAX_POLLING_INTERVAL = 10 * 60 * 1000; // 10 mins
+	private static final int MIN_POLLING_INTERVAL = 60_000; // 1 minute
+	private static final int MAX_POLLING_INTERVAL = 600_000; // 10 mins
 	private static final double BACKOFF_BASE = 1.2;
 
 	private final Executor ioExecutor;
+	private final EventBus eventBus;
 	private final BackoffFactory backoffFactory;
 
-	public LanTcpPluginFactory(Executor ioExecutor,
+	public LanTcpPluginFactory(Executor ioExecutor, EventBus eventBus,
 			BackoffFactory backoffFactory) {
 		this.ioExecutor = ioExecutor;
+		this.eventBus = eventBus;
 		this.backoffFactory = backoffFactory;
 	}
 
@@ -47,7 +51,9 @@ public class LanTcpPluginFactory implements DuplexPluginFactory {
 	public DuplexPlugin createPlugin(PluginCallback callback) {
 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,
 				MAX_POLLING_INTERVAL, BACKOFF_BASE);
-		return new LanTcpPlugin(ioExecutor, backoff, callback, MAX_LATENCY,
+		LanTcpPlugin plugin =  new LanTcpPlugin(ioExecutor, backoff, callback, MAX_LATENCY,
-				MAX_IDLE_TIME);
+				MAX_IDLE_TIME, CONNECTION_TIMEOUT);
+		eventBus.addListener(plugin);
+		return plugin;
 	}
 }

bramble-core/src/main/java/org/briarproject/bramble/plugin/tcp/PortMapperImpl.java

@@ -54,11 +54,13 @@ class PortMapperImpl implements PortMapper {
 				shutdownManager.addShutdownHook(() -> deleteMapping(port));
 			}
 			String externalString = gateway.getExternalIPAddress();
-			if (LOG.isLoggable(INFO))
+			if (externalString == null) {
-				LOG.info(
+				LOG.info("External address not available");
-						"External address " + scrubInetAddress(externalString));
+			} else {
-			if (externalString != null)
 				external = InetAddress.getByName(externalString);
+				if (LOG.isLoggable(INFO))
+					LOG.info("External address " + scrubInetAddress(external));
+			}
 		} catch (IOException | SAXException e) {
 			logException(LOG, WARNING, e);
 		}

bramble-core/src/main/java/org/briarproject/bramble/plugin/tcp/TcpPlugin.java

@@ -3,8 +3,12 @@ package org.briarproject.bramble.plugin.tcp;
 import org.briarproject.bramble.PoliteExecutor;
 import org.briarproject.bramble.api.Pair;
 import org.briarproject.bramble.api.data.BdfList;
+import org.briarproject.bramble.api.event.Event;
+import org.briarproject.bramble.api.event.EventListener;
 import org.briarproject.bramble.api.keyagreement.KeyAgreementListener;
+import org.briarproject.bramble.api.lifecycle.IoExecutor;
 import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.ConnectionHandler;
@@ -14,15 +18,16 @@ import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
 import org.briarproject.bramble.api.properties.TransportProperties;
 import org.briarproject.bramble.api.rendezvous.KeyMaterialSource;
 import org.briarproject.bramble.api.rendezvous.RendezvousEndpoint;
-import org.briarproject.bramble.util.IoUtils;
+import org.briarproject.bramble.api.settings.Settings;
+import org.briarproject.bramble.api.settings.event.SettingsUpdatedEvent;
 
 import java.io.IOException;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
+import java.net.InterfaceAddress;
 import java.net.NetworkInterface;
 import java.net.ServerSocket;
 import java.net.Socket;
-import java.net.SocketAddress;
 import java.net.SocketException;
 import java.net.UnknownHostException;
 import java.util.ArrayList;
@@ -35,20 +40,26 @@ import java.util.logging.Logger;
 import java.util.regex.Pattern;
 
 import javax.annotation.Nullable;
+import javax.annotation.concurrent.GuardedBy;
+import javax.annotation.concurrent.ThreadSafe;
 
-import static java.net.NetworkInterface.getNetworkInterfaces;
 import static java.util.Collections.emptyList;
 import static java.util.Collections.list;
 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
 import static java.util.logging.Logger.getLogger;
+import static org.briarproject.bramble.api.plugin.Plugin.State.ACTIVE;
+import static org.briarproject.bramble.api.plugin.Plugin.State.DISABLED;
+import static org.briarproject.bramble.api.plugin.Plugin.State.INACTIVE;
+import static org.briarproject.bramble.api.plugin.Plugin.State.STARTING_STOPPING;
+import static org.briarproject.bramble.util.IoUtils.tryToClose;
 import static org.briarproject.bramble.util.LogUtils.logException;
 import static org.briarproject.bramble.util.PrivacyUtils.scrubSocketAddress;
 import static org.briarproject.bramble.util.StringUtils.isNullOrEmpty;
 
 @MethodsNotNullByDefault
 @ParametersNotNullByDefault
-abstract class TcpPlugin implements DuplexPlugin {
+abstract class TcpPlugin implements DuplexPlugin, EventListener {
 
 	private static final Logger LOG = getLogger(TcpPlugin.class.getName());
 
@@ -58,43 +69,47 @@ abstract class TcpPlugin implements DuplexPlugin {
 	protected final Executor ioExecutor, bindExecutor;
 	protected final Backoff backoff;
 	protected final PluginCallback callback;
-	protected final int maxLatency, maxIdleTime, socketTimeout;
+	protected final int maxLatency, maxIdleTime;
+	protected final int connectionTimeout, socketTimeout;
 	protected final AtomicBoolean used = new AtomicBoolean(false);
-
+	protected final PluginState state = new PluginState();
-	protected volatile boolean running = false;
-	protected volatile ServerSocket socket = null;
 
 	/**
 	 * Returns zero or more socket addresses on which the plugin should listen,
 	 * in order of preference. At most one of the addresses will be bound.
 	 */
-	protected abstract List<InetSocketAddress> getLocalSocketAddresses();
+	protected abstract List<InetSocketAddress> getLocalSocketAddresses(
+			boolean ipv4);
 
 	/**
 	 * Adds the address on which the plugin is listening to the transport
 	 * properties.
 	 */
-	protected abstract void setLocalSocketAddress(InetSocketAddress a);
+	protected abstract void setLocalSocketAddress(InetSocketAddress a,
+			boolean ipv4);
 
 	/**
 	 * Returns zero or more socket addresses for connecting to a contact with
 	 * the given transport properties.
 	 */
 	protected abstract List<InetSocketAddress> getRemoteSocketAddresses(
-			TransportProperties p);
+			TransportProperties p, boolean ipv4);
 
 	/**
 	 * Returns true if connections to the given address can be attempted.
 	 */
-	protected abstract boolean isConnectable(InetSocketAddress remote);
+	@SuppressWarnings("BooleanMethodIsAlwaysInverted")
+	protected abstract boolean isConnectable(InterfaceAddress local,
+			InetSocketAddress remote);
 
 	TcpPlugin(Executor ioExecutor, Backoff backoff, PluginCallback callback,
-			int maxLatency, int maxIdleTime) {
+			int maxLatency, int maxIdleTime, int connectionTimeout) {
 		this.ioExecutor = ioExecutor;
 		this.backoff = backoff;
 		this.callback = callback;
 		this.maxLatency = maxLatency;
 		this.maxIdleTime = maxIdleTime;
+		this.connectionTimeout = connectionTimeout;
 		if (maxIdleTime > Integer.MAX_VALUE / 2)
 			socketTimeout = Integer.MAX_VALUE;
 		else socketTimeout = maxIdleTime * 2;
@@ -115,49 +130,49 @@ abstract class TcpPlugin implements DuplexPlugin {
 	@Override
 	public void start() {
 		if (used.getAndSet(true)) throw new IllegalStateException();
-		running = true;
+		Settings settings = callback.getSettings();
+		state.setStarted(settings.getBoolean(PREF_PLUGIN_ENABLE, false));
 		bind();
 	}
 
 	protected void bind() {
 		bindExecutor.execute(() -> {
-			if (!running) return;
+			if (getState() != INACTIVE) return;
-			if (socket != null && !socket.isClosed()) return;
+			bind(true);
-			ServerSocket ss = null;
+			bind(false);
-			for (InetSocketAddress addr : getLocalSocketAddresses()) {
-				try {
-					ss = new ServerSocket();
-					ss.bind(addr);
-					break;
-				} catch (IOException e) {
-					if (LOG.isLoggable(INFO))
-						LOG.info("Failed to bind " + scrubSocketAddress(addr));
-					tryToClose(ss);
-				}
-			}
-			if (ss == null || !ss.isBound()) {
-				LOG.info("Could not bind server socket");
-				return;
-			}
-			if (!running) {
-				tryToClose(ss);
-				return;
-			}
-			socket = ss;
-			backoff.reset();
-			InetSocketAddress local =
-					(InetSocketAddress) ss.getLocalSocketAddress();
-			setLocalSocketAddress(local);
-			if (LOG.isLoggable(INFO))
-				LOG.info("Listening on " + scrubSocketAddress(local));
-			callback.transportEnabled();
-			acceptContactConnections();
 		});
 	}
 
-	protected void tryToClose(@Nullable ServerSocket ss) {
+	private void bind(boolean ipv4) {
-		IoUtils.tryToClose(ss, LOG, WARNING);
+		ServerSocket ss = null;
-		callback.transportDisabled();
+		for (InetSocketAddress addr : getLocalSocketAddresses(ipv4)) {
+			try {
+				ss = new ServerSocket();
+				ss.bind(addr);
+				break;
+			} catch (IOException e) {
+				if (LOG.isLoggable(INFO))
+					LOG.info("Failed to bind " + scrubSocketAddress(addr));
+				tryToClose(ss, LOG, WARNING);
+			}
+		}
+		if (ss == null) {
+			LOG.info("Could not bind server socket");
+			return;
+		}
+		if (!state.setServerSocket(ss, ipv4)) {
+			LOG.info("Closing redundant server socket");
+			tryToClose(ss, LOG, WARNING);
+			return;
+		}
+		backoff.reset();
+		InetSocketAddress local =
+				(InetSocketAddress) ss.getLocalSocketAddress();
+		setLocalSocketAddress(local, ipv4);
+		if (LOG.isLoggable(INFO))
+			LOG.info("Listening on " + scrubSocketAddress(local));
+		ServerSocket finalSocket = ss;
+		ioExecutor.execute(() -> acceptContactConnections(finalSocket, ipv4));
 	}
 
 	String getIpPortString(InetSocketAddress a) {
@@ -167,20 +182,22 @@ abstract class TcpPlugin implements DuplexPlugin {
 		return addr + ":" + a.getPort();
 	}
 
-	private void acceptContactConnections() {
+	private void acceptContactConnections(ServerSocket ss, boolean ipv4) {
-		while (isRunning()) {
+		while (true) {
 			Socket s;
 			try {
-				s = socket.accept();
+				s = ss.accept();
 				s.setSoTimeout(socketTimeout);
 			} catch (IOException e) {
-				// This is expected when the socket is closed
+				// This is expected when the server socket is closed
-				if (LOG.isLoggable(INFO)) LOG.info(e.toString());
+				LOG.info("Server socket closed");
+				state.clearServerSocket(ss, ipv4);
 				return;
 			}
-			if (LOG.isLoggable(INFO))
+			if (LOG.isLoggable(INFO)) {
 				LOG.info("Connection from " +
 						scrubSocketAddress(s.getRemoteSocketAddress()));
+			}
 			backoff.reset();
 			callback.handleConnection(new TcpTransportConnection(this, s));
 		}
@@ -188,13 +205,17 @@ abstract class TcpPlugin implements DuplexPlugin {
 
 	@Override
 	public void stop() {
-		running = false;
+		for (ServerSocket ss : state.setStopped()) tryToClose(ss, LOG, WARNING);
-		tryToClose(socket);
 	}
 
 	@Override
-	public boolean isRunning() {
+	public State getState() {
-		return running && socket != null && !socket.isClosed();
+		return state.getState();
+	}
+
+	@Override
+	public int getReasonsDisabled() {
+		return state.getReasonsDisabled();
 	}
 
 	@Override
@@ -210,7 +231,7 @@ abstract class TcpPlugin implements DuplexPlugin {
 	@Override
 	public void poll(Collection<Pair<TransportProperties, ConnectionHandler>>
 			properties) {
-		if (!isRunning()) return;
+		if (getState() != ACTIVE) return;
 		backoff.increment();
 		for (Pair<TransportProperties, ConnectionHandler> p : properties) {
 			connect(p.getFirst(), p.getSecond());
@@ -229,14 +250,32 @@ abstract class TcpPlugin implements DuplexPlugin {
 
 	@Override
 	public DuplexTransportConnection createConnection(TransportProperties p) {
-		if (!isRunning()) return null;
+		DuplexTransportConnection c = createConnection(p, true);
-		for (InetSocketAddress remote : getRemoteSocketAddresses(p)) {
+		if (c != null) return c;
-			if (!isConnectable(remote)) {
+		return createConnection(p, false);
+	}
+
+	@Nullable
+	private DuplexTransportConnection createConnection(TransportProperties p,
+			boolean ipv4) {
+		ServerSocket ss = state.getServerSocket(ipv4);
+		if (ss == null) return null;
+		InterfaceAddress local = getLocalInterfaceAddress(ss.getInetAddress());
+		if (local == null) {
+			LOG.warning("No interface for server socket");
+			return null;
+		}
+		for (InetSocketAddress remote : getRemoteSocketAddresses(p, ipv4)) {
+			// Don't try to connect to our own address
+			if (!canConnectToOwnAddress() &&
+					remote.getAddress().equals(ss.getInetAddress())) {
+				continue;
+			}
+			if (!isConnectable(local, remote)) {
 				if (LOG.isLoggable(INFO)) {
-					SocketAddress local = socket.getLocalSocketAddress();
 					LOG.info(scrubSocketAddress(remote) +
 							" is not connectable from " +
-							scrubSocketAddress(local));
+							scrubSocketAddress(ss.getLocalSocketAddress()));
 				}
 				continue;
 			}
@@ -244,27 +283,45 @@ abstract class TcpPlugin implements DuplexPlugin {
 				if (LOG.isLoggable(INFO))
 					LOG.info("Connecting to " + scrubSocketAddress(remote));
 				Socket s = createSocket();
-				s.bind(new InetSocketAddress(socket.getInetAddress(), 0));
+				s.bind(new InetSocketAddress(ss.getInetAddress(), 0));
-				s.connect(remote);
+				s.connect(remote, connectionTimeout);
 				s.setSoTimeout(socketTimeout);
 				if (LOG.isLoggable(INFO))
 					LOG.info("Connected to " + scrubSocketAddress(remote));
 				return new TcpTransportConnection(this, s);
 			} catch (IOException e) {
-				if (LOG.isLoggable(INFO))
+				if (LOG.isLoggable(INFO)) {
 					LOG.info("Could not connect to " +
 							scrubSocketAddress(remote));
+				}
 			}
 		}
 		return null;
 	}
 
+	@Nullable
+	InterfaceAddress getLocalInterfaceAddress(InetAddress a) {
+		for (InterfaceAddress ifAddr : getLocalInterfaceAddresses()) {
+			if (ifAddr.getAddress().equals(a)) return ifAddr;
+		}
+		return null;
+	}
+
+	// Override for testing
+	protected boolean canConnectToOwnAddress() {
+		return false;
+	}
+
 	protected Socket createSocket() throws IOException {
 		return new Socket();
 	}
 
+	int chooseEphemeralPort() {
+		return 32768 + (int) (Math.random() * 32768);
+	}
+
 	@Nullable
-	InetSocketAddress parseSocketAddress(String ipPort) {
+	InetSocketAddress parseIpv4SocketAddress(String ipPort) {
 		if (isNullOrEmpty(ipPort)) return null;
 		String[] split = ipPort.split(":");
 		if (split.length != 2) return null;
@@ -275,14 +332,7 @@ abstract class TcpPlugin implements DuplexPlugin {
 			InetAddress a = InetAddress.getByName(addr);
 			int p = Integer.parseInt(port);
 			return new InetSocketAddress(a, p);
-		} catch (UnknownHostException e) {
+		} catch (UnknownHostException | NumberFormatException e) {
-			if (LOG.isLoggable(WARNING))
-				// not scrubbing to enable us to find the problem
-				LOG.warning("Invalid address: " + addr);
-			return null;
-		} catch (NumberFormatException e) {
-			if (LOG.isLoggable(WARNING))
-				LOG.warning("Invalid port: " + port);
 			return null;
 		}
 	}
@@ -314,17 +364,139 @@ abstract class TcpPlugin implements DuplexPlugin {
 		throw new UnsupportedOperationException();
 	}
 
-	Collection<InetAddress> getLocalIpAddresses() {
+	List<InterfaceAddress> getLocalInterfaceAddresses() {
+		List<InterfaceAddress> addrs = new ArrayList<>();
+		for (NetworkInterface iface : getNetworkInterfaces()) {
+			addrs.addAll(iface.getInterfaceAddresses());
+		}
+		return addrs;
+	}
+
+	List<InetAddress> getLocalInetAddresses() {
+		List<InetAddress> addrs = new ArrayList<>();
+		for (NetworkInterface iface : getNetworkInterfaces()) {
+			addrs.addAll(list(iface.getInetAddresses()));
+		}
+		return addrs;
+	}
+
+	private List<NetworkInterface> getNetworkInterfaces() {
 		try {
-			Enumeration<NetworkInterface> ifaces = getNetworkInterfaces();
+			Enumeration<NetworkInterface> ifaces =
-			if (ifaces == null) return emptyList();
+					NetworkInterface.getNetworkInterfaces();
-			List<InetAddress> addrs = new ArrayList<>();
+			return ifaces == null ? emptyList() : list(ifaces);
-			for (NetworkInterface iface : list(ifaces))
-				addrs.addAll(list(iface.getInetAddresses()));
-			return addrs;
 		} catch (SocketException e) {
 			logException(LOG, WARNING, e);
 			return emptyList();
 		}
 	}
+
+	@Override
+	public void eventOccurred(Event e) {
+		if (e instanceof SettingsUpdatedEvent) {
+			SettingsUpdatedEvent s = (SettingsUpdatedEvent) e;
+			if (s.getNamespace().equals(getId().getString()))
+				ioExecutor.execute(() -> onSettingsUpdated(s.getSettings()));
+		}
+	}
+
+	@IoExecutor
+	private void onSettingsUpdated(Settings settings) {
+		boolean enabledByUser = settings.getBoolean(PREF_PLUGIN_ENABLE, false);
+		List<ServerSocket> toClose = state.setEnabledByUser(enabledByUser);
+		State s = getState();
+		if (!toClose.isEmpty()) {
+			LOG.info("Disabled by user, closing server sockets");
+			for (ServerSocket ss : toClose) tryToClose(ss, LOG, WARNING);
+		} else if (s == INACTIVE) {
+			LOG.info("Enabled by user, opening server sockets");
+			bind();
+		}
+	}
+
+	@ThreadSafe
+	@NotNullByDefault
+	protected class PluginState {
+
+		@GuardedBy("this")
+		private boolean started = false, stopped = false, enabledByUser = false;
+
+		@GuardedBy("this")
+		@Nullable
+		private ServerSocket serverSocketV4 = null, serverSocketV6 = null;
+
+		synchronized void setStarted(boolean enabledByUser) {
+			started = true;
+			this.enabledByUser = enabledByUser;
+			callback.pluginStateChanged(getState());
+		}
+
+		synchronized List<ServerSocket> setStopped() {
+			stopped = true;
+			List<ServerSocket> toClose = clearServerSockets();
+			callback.pluginStateChanged(getState());
+			return toClose;
+		}
+
+		@GuardedBy("this")
+		private List<ServerSocket> clearServerSockets() {
+			List<ServerSocket> toClose = new ArrayList<>(2);
+			if (serverSocketV4 != null) {
+				toClose.add(serverSocketV4);
+				serverSocketV4 = null;
+			}
+			if (serverSocketV6 != null) {
+				toClose.add(serverSocketV6);
+				serverSocketV6 = null;
+			}
+			return toClose;
+		}
+
+		synchronized List<ServerSocket> setEnabledByUser(
+				boolean enabledByUser) {
+			this.enabledByUser = enabledByUser;
+			List<ServerSocket> toClose = enabledByUser
+					? emptyList() : clearServerSockets();
+			callback.pluginStateChanged(getState());
+			return toClose;
+		}
+
+		@Nullable
+		synchronized ServerSocket getServerSocket(boolean ipv4) {
+			return ipv4 ? serverSocketV4 : serverSocketV6;
+		}
+
+		synchronized boolean setServerSocket(ServerSocket ss, boolean ipv4) {
+			if (stopped) return false;
+			if (ipv4) {
+				if (serverSocketV4 != null) return false;
+				serverSocketV4 = ss;
+			} else {
+				if (serverSocketV6 != null) return false;
+				serverSocketV6 = ss;
+			}
+			callback.pluginStateChanged(getState());
+			return true;
+		}
+
+		synchronized void clearServerSocket(ServerSocket ss, boolean ipv4) {
+			if (ipv4) {
+				if (serverSocketV4 == ss) serverSocketV4 = null;
+			} else {
+				if (serverSocketV6 == ss) serverSocketV6 = null;
+			}
+			callback.pluginStateChanged(getState());
+		}
+
+		synchronized State getState() {
+			if (!started || stopped) return STARTING_STOPPING;
+			if (!enabledByUser) return DISABLED;
+			if (serverSocketV4 != null || serverSocketV6 != null) return ACTIVE;
+			return INACTIVE;
+		}
+
+		synchronized int getReasonsDisabled() {
+			return getState() == DISABLED ? REASON_USER : 0;
+		}
+	}
 }

bramble-core/src/main/java/org/briarproject/bramble/plugin/tcp/WanTcpPlugin.java

@@ -10,6 +10,7 @@ import org.briarproject.bramble.api.properties.TransportProperties;
 import java.net.Inet4Address;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
+import java.net.InterfaceAddress;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.concurrent.Executor;
@@ -29,8 +30,10 @@ class WanTcpPlugin extends TcpPlugin {
 	private volatile MappingResult mappingResult;
 
 	WanTcpPlugin(Executor ioExecutor, Backoff backoff, PortMapper portMapper,
-			PluginCallback callback, int maxLatency, int maxIdleTime) {
+			PluginCallback callback, int maxLatency, int maxIdleTime,
-		super(ioExecutor, backoff, callback, maxLatency, maxIdleTime);
+			int connectionTimeout) {
+		super(ioExecutor, backoff, callback, maxLatency, maxIdleTime,
+				connectionTimeout);
 		this.portMapper = portMapper;
 	}
 
@@ -40,12 +43,13 @@ class WanTcpPlugin extends TcpPlugin {
 	}
 
 	@Override
-	protected List<InetSocketAddress> getLocalSocketAddresses() {
+	protected List<InetSocketAddress> getLocalSocketAddresses(boolean ipv4) {
+		if (!ipv4) return emptyList();
 		// Use the same address and port as last time if available
 		TransportProperties p = callback.getLocalProperties();
-		InetSocketAddress old = parseSocketAddress(p.get(PROP_IP_PORT));
+		InetSocketAddress old = parseIpv4SocketAddress(p.get(PROP_IP_PORT));
 		List<InetSocketAddress> addrs = new LinkedList<>();
-		for (InetAddress a : getLocalIpAddresses()) {
+		for (InetAddress a : getLocalInetAddresses()) {
 			if (isAcceptableAddress(a)) {
 				// If this is the old address, try to use the same port
 				if (old != null && old.getAddress().equals(a))
@@ -73,26 +77,25 @@ class WanTcpPlugin extends TcpPlugin {
 		return ipv4 && !loop && !link && !site;
 	}
 
-	private int chooseEphemeralPort() {
-		return 32768 + (int) (Math.random() * 32768);
-	}
-
 	@Override
 	protected List<InetSocketAddress> getRemoteSocketAddresses(
-			TransportProperties p) {
+			TransportProperties p, boolean ipv4) {
-		InetSocketAddress parsed = parseSocketAddress(p.get(PROP_IP_PORT));
+		if (!ipv4) return emptyList();
+		InetSocketAddress parsed = parseIpv4SocketAddress(p.get(PROP_IP_PORT));
 		if (parsed == null) return emptyList();
 		return singletonList(parsed);
 	}
 
 	@Override
-	protected boolean isConnectable(InetSocketAddress remote) {
+	protected boolean isConnectable(InterfaceAddress local,
+			InetSocketAddress remote) {
 		if (remote.getPort() == 0) return false;
 		return isAcceptableAddress(remote.getAddress());
 	}
 
 	@Override
-	protected void setLocalSocketAddress(InetSocketAddress a) {
+	protected void setLocalSocketAddress(InetSocketAddress a, boolean ipv4) {
+		if (!ipv4) throw new AssertionError();
 		if (mappingResult != null && mappingResult.isUsable()) {
 			// Advertise the external address to contacts
 			if (a.equals(mappingResult.getInternal())) {

bramble-core/src/main/java/org/briarproject/bramble/plugin/tcp/WanTcpPluginFactory.java

@@ -1,5 +1,6 @@
 package org.briarproject.bramble.plugin.tcp;
 
+import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.lifecycle.ShutdownManager;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
@@ -19,19 +20,22 @@ import static org.briarproject.bramble.api.plugin.WanTcpConstants.ID;
 @NotNullByDefault
 public class WanTcpPluginFactory implements DuplexPluginFactory {
 
-	private static final int MAX_LATENCY = 30 * 1000; // 30 seconds
+	private static final int MAX_LATENCY = 30_000; // 30 seconds
-	private static final int MAX_IDLE_TIME = 30 * 1000; // 30 seconds
+	private static final int MAX_IDLE_TIME = 30_000; // 30 seconds
-	private static final int MIN_POLLING_INTERVAL = 60 * 1000; // 1 minute
+	private static final int CONNECTION_TIMEOUT = 30_000; // 30 seconds
-	private static final int MAX_POLLING_INTERVAL = 10 * 60 * 1000; // 10 mins
+	private static final int MIN_POLLING_INTERVAL = 60_000; // 1 minute
+	private static final int MAX_POLLING_INTERVAL = 600_000; // 10 mins
 	private static final double BACKOFF_BASE = 1.2;
 
 	private final Executor ioExecutor;
+	private final EventBus eventBus;
 	private final BackoffFactory backoffFactory;
 	private final ShutdownManager shutdownManager;
 
-	public WanTcpPluginFactory(Executor ioExecutor,
+	public WanTcpPluginFactory(Executor ioExecutor, EventBus eventBus,
 			BackoffFactory backoffFactory, ShutdownManager shutdownManager) {
 		this.ioExecutor = ioExecutor;
+		this.eventBus = eventBus;
 		this.backoffFactory = backoffFactory;
 		this.shutdownManager = shutdownManager;
 	}
@@ -50,8 +54,10 @@ public class WanTcpPluginFactory implements DuplexPluginFactory {
 	public DuplexPlugin createPlugin(PluginCallback callback) {
 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,
 				MAX_POLLING_INTERVAL, BACKOFF_BASE);
-		return new WanTcpPlugin(ioExecutor, backoff,
+		WanTcpPlugin plugin = new WanTcpPlugin(ioExecutor, backoff,
 				new PortMapperImpl(shutdownManager), callback, MAX_LATENCY,
-				MAX_IDLE_TIME);
+				MAX_IDLE_TIME, CONNECTION_TIMEOUT);
+		eventBus.addListener(plugin);
+		return plugin;
 	}
 }

bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/CircumventionProvider.java

@@ -17,7 +17,7 @@ public interface CircumventionProvider {
 	String[] BLOCKED = {"CN", "IR", "EG", "BY", "TR", "SY", "VE"};
 
 	/**
-	 * Countries where obfs4 bridge connection are likely to work.
+	 * Countries where obfs4 or meek bridge connections are likely to work.
 	 * Should be a subset of {@link #BLOCKED}.
 	 */
 	String[] BRIDGES = { "CN", "IR", "EG", "BY", "TR", "SY", "VE" };

bramble-core/src/main/java/org/briarproject/bramble/plugin/tor/TorPlugin.java

@@ -15,6 +15,7 @@ import org.briarproject.bramble.api.network.NetworkManager;
 import org.briarproject.bramble.api.network.NetworkStatus;
 import org.briarproject.bramble.api.network.event.NetworkStatusEvent;
 import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.ConnectionHandler;
@@ -54,6 +55,9 @@ import java.util.logging.Logger;
 import java.util.regex.Pattern;
 import java.util.zip.ZipInputStream;
 
+import javax.annotation.Nullable;
+import javax.annotation.concurrent.GuardedBy;
+import javax.annotation.concurrent.ThreadSafe;
 import javax.net.SocketFactory;
 
 import static java.util.Arrays.asList;
@@ -65,6 +69,11 @@ import static java.util.logging.Logger.getLogger;
 import static net.freehaven.tor.control.TorControlCommands.HS_ADDRESS;
 import static net.freehaven.tor.control.TorControlCommands.HS_PRIVKEY;
 import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;
+import static org.briarproject.bramble.api.plugin.Plugin.State.ACTIVE;
+import static org.briarproject.bramble.api.plugin.Plugin.State.DISABLED;
+import static org.briarproject.bramble.api.plugin.Plugin.State.ENABLING;
+import static org.briarproject.bramble.api.plugin.Plugin.State.INACTIVE;
+import static org.briarproject.bramble.api.plugin.Plugin.State.STARTING_STOPPING;
 import static org.briarproject.bramble.api.plugin.TorConstants.CONTROL_PORT;
 import static org.briarproject.bramble.api.plugin.TorConstants.ID;
 import static org.briarproject.bramble.api.plugin.TorConstants.PREF_TOR_MOBILE;
@@ -76,6 +85,9 @@ import static org.briarproject.bramble.api.plugin.TorConstants.PREF_TOR_ONLY_WHE
 import static org.briarproject.bramble.api.plugin.TorConstants.PREF_TOR_PORT;
 import static org.briarproject.bramble.api.plugin.TorConstants.PROP_ONION_V2;
 import static org.briarproject.bramble.api.plugin.TorConstants.PROP_ONION_V3;
+import static org.briarproject.bramble.api.plugin.TorConstants.REASON_BATTERY;
+import static org.briarproject.bramble.api.plugin.TorConstants.REASON_COUNTRY_BLOCKED;
+import static org.briarproject.bramble.api.plugin.TorConstants.REASON_MOBILE_DATA;
 import static org.briarproject.bramble.plugin.tor.TorRendezvousCrypto.SEED_BYTES;
 import static org.briarproject.bramble.util.IoUtils.copyAndClose;
 import static org.briarproject.bramble.util.IoUtils.tryToClose;
@@ -113,16 +125,14 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	private final int maxLatency, maxIdleTime, socketTimeout;
 	private final File torDirectory, torFile, geoIpFile, obfs4File, configFile;
 	private final File doneFile, cookieFile;
-	private final ConnectionStatus connectionStatus;
 	private final AtomicBoolean used = new AtomicBoolean(false);
 
-	private volatile ServerSocket socket = null;
+	protected final PluginState state = new PluginState();
+
 	private volatile Socket controlSocket = null;
 	private volatile TorControlConnection controlConnection = null;
 	private volatile Settings settings = null;
 
-	protected volatile boolean running = false;
-
 	protected abstract int getProcessId();
 
 	protected abstract long getLastUpdateTime();
@@ -159,7 +169,6 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 		configFile = new File(torDirectory, "torrc");
 		doneFile = new File(torDirectory, "done");
 		cookieFile = new File(torDirectory, ".tor/control_auth_cookie");
-		connectionStatus = new ConnectionStatus();
 		// Don't execute more than one connection status check at a time
 		connectionStatusExecutor =
 				new PoliteExecutor("TorPlugin", ioExecutor, 1);
@@ -190,7 +199,7 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 			}
 		}
 		// Load the settings
-		settings = callback.getSettings();
+		settings = migrateSettings(callback.getSettings());
 		// Install or update the assets if necessary
 		if (!assetsAreUpToDate()) installAssets();
 		if (cookieFile.exists() && !cookieFile.delete())
@@ -258,7 +267,6 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 			// Tell Tor to exit when the control connection is closed
 			controlConnection.takeOwnership();
 			controlConnection.resetConf(singletonList(OWNER));
-			running = true;
 			// Register to receive events from the Tor process
 			controlConnection.setEventHandler(this);
 			controlConnection.setEvents(asList(EVENTS));
@@ -266,11 +274,12 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 			String phase = controlConnection.getInfo("status/bootstrap-phase");
 			if (phase != null && phase.contains("PROGRESS=100")) {
 				LOG.info("Tor has already bootstrapped");
-				connectionStatus.setBootstrapped();
+				state.setBootstrapped();
 			}
 		} catch (IOException e) {
 			throw new PluginException(e);
 		}
+		state.setStarted();
 		// Check whether we're online
 		updateConnectionStatus(networkManager.getNetworkStatus(),
 				batteryManager.isCharging());
@@ -278,6 +287,18 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 		bind();
 	}
 
+	// TODO: Remove after a reasonable migration period (added 2020-06-25)
+	private Settings migrateSettings(Settings settings) {
+		int network = settings.getInt(PREF_TOR_NETWORK,
+				PREF_TOR_NETWORK_AUTOMATIC);
+		if (network == PREF_TOR_NETWORK_NEVER) {
+			settings.putInt(PREF_TOR_NETWORK, PREF_TOR_NETWORK_AUTOMATIC);
+			settings.putBoolean(PREF_PLUGIN_ENABLE, false);
+			callback.mergeSettings(settings);
+		}
+		return settings;
+	}
+
 	private boolean assetsAreUpToDate() {
 		return doneFile.lastModified() > getLastUpdateTime();
 	}
@@ -393,11 +414,11 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 				tryToClose(ss, LOG, WARNING);
 				return;
 			}
-			if (!running) {
+			if (!state.setServerSocket(ss)) {
+				LOG.info("Closing redundant server socket");
 				tryToClose(ss, LOG, WARNING);
 				return;
 			}
-			socket = ss;
 			// Store the port number
 			String localPort = String.valueOf(ss.getLocalPort());
 			Settings s = new Settings();
@@ -412,7 +433,7 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	}
 
 	private void publishHiddenService(String port) {
-		if (!running) return;
+		if (!state.isTorRunning()) return;
 		LOG.info("Creating hidden service");
 		String privKey = settings.get(HS_PRIVKEY);
 		Map<Integer, String> portLines = singletonMap(80, "127.0.0.1:" + port);
@@ -450,14 +471,15 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	}
 
 	private void acceptContactConnections(ServerSocket ss) {
-		while (running) {
+		while (true) {
 			Socket s;
 			try {
 				s = ss.accept();
 				s.setSoTimeout(socketTimeout);
 			} catch (IOException e) {
-				// This is expected when the socket is closed
+				// This is expected when the server socket is closed
-				if (LOG.isLoggable(INFO)) LOG.info(e.toString());
+				LOG.info("Server socket closed");
+				state.clearServerSocket(ss);
 				return;
 			}
 			LOG.info("Connection received");
@@ -467,10 +489,8 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	}
 
 	protected void enableNetwork(boolean enable) throws IOException {
-		if (!running) return;
+		state.enableNetwork(enable);
-		connectionStatus.enableNetwork(enable);
 		controlConnection.setConf("DisableNetwork", enable ? "0" : "1");
-		if (!enable) callback.transportDisabled();
 	}
 
 	private void enableBridges(boolean enable, boolean needsMeek)
@@ -494,9 +514,8 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 
 	@Override
 	public void stop() {
-		running = false;
+		ServerSocket ss = state.setStopped();
-		tryToClose(socket, LOG, WARNING);
+		tryToClose(ss, LOG, WARNING);
-		callback.transportDisabled();
 		if (controlSocket != null && controlConnection != null) {
 			try {
 				LOG.info("Stopping Tor");
@@ -510,8 +529,13 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	}
 
 	@Override
-	public boolean isRunning() {
+	public State getState() {
-		return running && connectionStatus.isConnected();
+		return state.getState();
+	}
+
+	@Override
+	public int getReasonsDisabled() {
+		return state.getReasonsDisabled();
 	}
 
 	@Override
@@ -527,7 +551,7 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	@Override
 	public void poll(Collection<Pair<TransportProperties, ConnectionHandler>>
 			properties) {
-		if (!isRunning()) return;
+		if (getState() != ACTIVE) return;
 		backoff.increment();
 		for (Pair<TransportProperties, ConnectionHandler> p : properties) {
 			connect(p.getFirst(), p.getSecond());
@@ -546,7 +570,7 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 
 	@Override
 	public DuplexTransportConnection createConnection(TransportProperties p) {
-		if (!isRunning()) return null;
+		if (getState() != ACTIVE) return null;
 		String bestOnion = null;
 		String onion2 = p.get(PROP_ONION_V2);
 		String onion3 = p.get(PROP_ONION_V3);
@@ -634,8 +658,8 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 								new TorTransportConnection(this, s));
 					}
 				} catch (IOException e) {
-					// This is expected when the socket is closed
+					// This is expected when the server socket is closed
-					if (LOG.isLoggable(INFO)) LOG.info(e.toString());
+					LOG.info("Rendezvous server socket closed");
 				}
 			});
 			Map<Integer, String> portLines =
@@ -663,10 +687,9 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	@Override
 	public void circuitStatus(String status, String id, String path) {
 		if (status.equals("BUILT") &&
-				connectionStatus.getAndSetCircuitBuilt()) {
+				state.getAndSetCircuitBuilt()) {
 			LOG.info("First circuit built");
 			backoff.reset();
-			if (isRunning()) callback.transportEnabled();
 		}
 	}
 
@@ -697,9 +720,8 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	public void message(String severity, String msg) {
 		if (LOG.isLoggable(INFO)) LOG.info(severity + " " + msg);
 		if (severity.equals("NOTICE") && msg.startsWith("Bootstrapped 100%")) {
-			connectionStatus.setBootstrapped();
+			state.setBootstrapped();
 			backoff.reset();
-			if (isRunning()) callback.transportEnabled();
 		}
 	}
 
@@ -736,7 +758,7 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	private void disableNetwork() {
 		connectionStatusExecutor.execute(() -> {
 			try {
-				enableNetwork(false);
+				if (state.isTorRunning()) enableNetwork(false);
 			} catch (IOException ex) {
 				logException(LOG, WARNING, ex);
 			}
@@ -746,12 +768,14 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	private void updateConnectionStatus(NetworkStatus status,
 			boolean charging) {
 		connectionStatusExecutor.execute(() -> {
-			if (!running) return;
+			if (!state.isTorRunning()) return;
 			boolean online = status.isConnected();
 			boolean wifi = status.isWifi();
 			String country = locationUtils.getCurrentCountry();
 			boolean blocked =
 					circumventionProvider.isTorProbablyBlocked(country);
+			boolean enabledByUser =
+					settings.getBoolean(PREF_PLUGIN_ENABLE, true);
 			int network = settings.getInt(PREF_TOR_NETWORK,
 					PREF_TOR_NETWORK_AUTOMATIC);
 			boolean useMobile = settings.getBoolean(PREF_TOR_MOBILE, true);
@@ -762,47 +786,70 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 
 			if (LOG.isLoggable(INFO)) {
 				LOG.info("Online: " + online + ", wifi: " + wifi);
-				if ("".equals(country)) LOG.info("Country code unknown");
+				if (country.isEmpty()) LOG.info("Country code unknown");
 				else LOG.info("Country code: " + country);
 				LOG.info("Charging: " + charging);
 			}
 
-			try {
+			int reasonsDisabled = 0;
-				if (!online) {
+			boolean enableNetwork = false, enableBridges = false;
-					LOG.info("Disabling network, device is offline");
+			boolean useMeek = false, enableConnectionPadding = false;
-					enableNetwork(false);
+
-				} else if (!charging && onlyWhenCharging) {
+			if (!online) {
-					LOG.info("Disabling network, device is on battery");
+				LOG.info("Disabling network, device is offline");
-					enableNetwork(false);
+			} else {
-				} else if (network == PREF_TOR_NETWORK_NEVER ||
+				if (!enabledByUser) {
-						(!useMobile && !wifi)) {
+					LOG.info("User has disabled Tor");
-					LOG.info("Disabling network, device is using mobile data");
+					reasonsDisabled |= REASON_USER;
-					enableNetwork(false);
+				}
-				} else if (automatic && blocked && !bridgesWork) {
+				if (!charging && onlyWhenCharging) {
-					LOG.info("Disabling network, country is blocked");
+					LOG.info("Configured not to use battery");
-					enableNetwork(false);
+					reasonsDisabled |= REASON_BATTERY;
-				} else if (network == PREF_TOR_NETWORK_WITH_BRIDGES ||
+				}
-						(automatic && bridgesWork)) {
+				if (!useMobile && !wifi) {
-					if (circumventionProvider.needsMeek(country)) {
+					LOG.info("Configured not to use mobile data");
-						LOG.info("Enabling network, using meek bridges");
+					reasonsDisabled |= REASON_MOBILE_DATA;
-						enableBridges(true, true);
+				}
+				if (automatic && blocked && !bridgesWork) {
+					LOG.info("Country is blocked");
+					reasonsDisabled |= REASON_COUNTRY_BLOCKED;
+				}
+
+				if (reasonsDisabled != 0) {
+					LOG.info("Disabling network due to settings");
+				} else {
+					LOG.info("Enabling network");
+					enableNetwork = true;
+					if (network == PREF_TOR_NETWORK_WITH_BRIDGES ||
+							(automatic && bridgesWork)) {
+						if (circumventionProvider.needsMeek(country)) {
+							LOG.info("Using meek bridges");
+							enableBridges = true;
+							useMeek = true;
+						} else {
+							LOG.info("Using obfs4 bridges");
+							enableBridges = true;
+						}
 					} else {
-						LOG.info("Enabling network, using obfs4 bridges");
+						LOG.info("Not using bridges");
-						enableBridges(true, false);
+					}
+					if (wifi && charging) {
+						LOG.info("Enabling connection padding");
+						enableConnectionPadding = true;
+					} else {
+						LOG.info("Disabling connection padding");
 					}
-					enableNetwork(true);
-				} else {
-					LOG.info("Enabling network, not using bridges");
-					enableBridges(false, false);
-					enableNetwork(true);
 				}
-				if (online && wifi && charging) {
+			}
-					LOG.info("Enabling connection padding");
+
-					enableConnectionPadding(true);
+			state.setReasonsDisabled(reasonsDisabled);
-				} else {
+
-					LOG.info("Disabling connection padding");
+			try {
-					enableConnectionPadding(false);
+				if (enableNetwork) {
+					enableBridges(enableBridges, useMeek);
+					enableConnectionPadding(enableConnectionPadding);
 				}
+				enableNetwork(enableNetwork);
 			} catch (IOException e) {
 				logException(LOG, WARNING, e);
 			}
@@ -810,33 +857,96 @@ abstract class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	}
 
 	private void enableConnectionPadding(boolean enable) throws IOException {
-		if (!running) return;
 		controlConnection.setConf("ConnectionPadding", enable ? "1" : "0");
 	}
 
-	private static class ConnectionStatus {
+	@ThreadSafe
+	@NotNullByDefault
+	protected class PluginState {
 
-		// All of the following are locking: this
+		@GuardedBy("this")
-		private boolean networkEnabled = false;
+		private boolean started = false,
-		private boolean bootstrapped = false, circuitBuilt = false;
+				stopped = false,
+				networkInitialised = false,
+				networkEnabled = false,
+				bootstrapped = false,
+				circuitBuilt = false,
+				settingsChecked = false;
 
-		private synchronized void setBootstrapped() {
+		@GuardedBy("this")
-			bootstrapped = true;
+		private int reasonsDisabled = 0;
+
+		@GuardedBy("this")
+		@Nullable
+		private ServerSocket serverSocket = null;
+
+		synchronized void setStarted() {
+			started = true;
+			callback.pluginStateChanged(getState());
 		}
 
-		private synchronized boolean getAndSetCircuitBuilt() {
+		synchronized boolean isTorRunning() {
+			return started && !stopped;
+		}
+
+		@Nullable
+		synchronized ServerSocket setStopped() {
+			stopped = true;
+			ServerSocket ss = serverSocket;
+			serverSocket = null;
+			callback.pluginStateChanged(getState());
+			return ss;
+		}
+
+		synchronized void setBootstrapped() {
+			bootstrapped = true;
+			callback.pluginStateChanged(getState());
+		}
+
+		synchronized boolean getAndSetCircuitBuilt() {
 			boolean firstCircuit = !circuitBuilt;
 			circuitBuilt = true;
+			callback.pluginStateChanged(getState());
 			return firstCircuit;
 		}
 
-		private synchronized void enableNetwork(boolean enable) {
+		synchronized void enableNetwork(boolean enable) {
+			networkInitialised = true;
 			networkEnabled = enable;
 			if (!enable) circuitBuilt = false;
+			callback.pluginStateChanged(getState());
 		}
 
-		private synchronized boolean isConnected() {
+		synchronized void setReasonsDisabled(int reasonsDisabled) {
-			return networkEnabled && bootstrapped && circuitBuilt;
+			settingsChecked = true;
+			this.reasonsDisabled = reasonsDisabled;
+			callback.pluginStateChanged(getState());
+		}
+
+		// Doesn't affect getState()
+		synchronized boolean setServerSocket(ServerSocket ss) {
+			if (stopped || serverSocket != null) return false;
+			serverSocket = ss;
+			return true;
+		}
+
+		// Doesn't affect getState()
+		synchronized void clearServerSocket(ServerSocket ss) {
+			if (serverSocket == ss) serverSocket = null;
+		}
+
+		synchronized State getState() {
+			if (!started || stopped || !settingsChecked) {
+				return STARTING_STOPPING;
+			}
+			if (reasonsDisabled != 0) return DISABLED;
+			if (!networkInitialised) return ENABLING;
+			if (!networkEnabled) return INACTIVE;
+			return bootstrapped && circuitBuilt ? ACTIVE : ENABLING;
+		}
+
+		synchronized int getReasonsDisabled() {
+			return getState() == DISABLED ? reasonsDisabled : 0;
 		}
 	}
 }

bramble-core/src/main/java/org/briarproject/bramble/properties/TransportPropertyManagerImpl.java

@@ -37,6 +37,11 @@ import javax.annotation.Nullable;
 import javax.annotation.concurrent.Immutable;
 import javax.inject.Inject;
 
+import static org.briarproject.bramble.api.properties.TransportPropertyConstants.GROUP_KEY_DISCOVERED;
+import static org.briarproject.bramble.api.properties.TransportPropertyConstants.MSG_KEY_LOCAL;
+import static org.briarproject.bramble.api.properties.TransportPropertyConstants.MSG_KEY_TRANSPORT_ID;
+import static org.briarproject.bramble.api.properties.TransportPropertyConstants.MSG_KEY_VERSION;
+
 @Immutable
 @NotNullByDefault
 class TransportPropertyManagerImpl implements TransportPropertyManager,
@@ -111,10 +116,10 @@ class TransportPropertyManagerImpl implements TransportPropertyManager,
 		try {
 			// Find the latest update for this transport, if any
 			BdfDictionary d = metadataParser.parse(meta);
-			TransportId t = new TransportId(d.getString("transportId"));
+			TransportId t = new TransportId(d.getString(MSG_KEY_TRANSPORT_ID));
 			LatestUpdate latest = findLatest(txn, m.getGroupId(), t, false);
 			if (latest != null) {
-				if (d.getLong("version") > latest.version) {
+				if (d.getLong(MSG_KEY_VERSION) > latest.version) {
 					// This update is newer - delete the previous update
 					db.deleteMessage(txn, latest.messageId);
 					db.deleteMessageMetadata(txn, latest.messageId);
@@ -140,6 +145,27 @@ class TransportPropertyManagerImpl implements TransportPropertyManager,
 		}
 	}
 
+	@Override
+	public void addRemotePropertiesFromConnection(ContactId c, TransportId t,
+			TransportProperties props) throws DbException {
+		if (props.isEmpty()) return;
+		try {
+			db.transaction(false, txn -> {
+				Group g = getContactGroup(db.getContact(txn, c));
+				BdfDictionary meta = clientHelper.getGroupMetadataAsDictionary(
+						txn, g.getId());
+				BdfDictionary discovered =
+						meta.getOptionalDictionary(GROUP_KEY_DISCOVERED);
+				if (discovered == null) discovered = new BdfDictionary();
+				discovered.putAll(props);
+				meta.put(GROUP_KEY_DISCOVERED, discovered);
+				clientHelper.mergeGroupMetadata(txn, g.getId(), meta);
+			});
+		} catch (FormatException e) {
+			throw new DbException(e);
+		}
+	}
+
 	@Override
 	public Map<TransportId, TransportProperties> getLocalProperties()
 			throws DbException {
@@ -203,12 +229,26 @@ class TransportPropertyManagerImpl implements TransportPropertyManager,
 		Group g = getContactGroup(c);
 		try {
 			// Find the latest remote update
+			TransportProperties remote;
 			LatestUpdate latest = findLatest(txn, g.getId(), t, false);
-			if (latest == null) return new TransportProperties();
+			if (latest == null) {
-			// Retrieve and parse the latest remote properties
+				remote = new TransportProperties();
-			BdfList message =
+			} else {
-					clientHelper.getMessageAsList(txn, latest.messageId);
+				// Retrieve and parse the latest remote properties
-			return parseProperties(message);
+				BdfList message =
+						clientHelper.getMessageAsList(txn, latest.messageId);
+				remote = parseProperties(message);
+			}
+			// Merge in any discovered properties
+			BdfDictionary meta =
+					clientHelper.getGroupMetadataAsDictionary(txn, g.getId());
+			BdfDictionary d = meta.getOptionalDictionary(GROUP_KEY_DISCOVERED);
+			if (d == null) return remote;
+			TransportProperties merged =
+					clientHelper.parseAndValidateTransportProperties(d);
+			// Received properties override discovered properties
+			merged.putAll(remote);
+			return merged;
 		} catch (FormatException e) {
 			throw new DbException(e);
 		}
@@ -281,9 +321,9 @@ class TransportPropertyManagerImpl implements TransportPropertyManager,
 			long now = clock.currentTimeMillis();
 			Message m = clientHelper.createMessage(g, now, body);
 			BdfDictionary meta = new BdfDictionary();
-			meta.put("transportId", t.getString());
+			meta.put(MSG_KEY_TRANSPORT_ID, t.getString());
-			meta.put("version", version);
+			meta.put(MSG_KEY_VERSION, version);
-			meta.put("local", local);
+			meta.put(MSG_KEY_LOCAL, local);
 			clientHelper.addLocalMessage(txn, m, meta, shared, false);
 		} catch (FormatException e) {
 			throw new RuntimeException(e);
@@ -302,8 +342,9 @@ class TransportPropertyManagerImpl implements TransportPropertyManager,
 				.getMessageMetadataAsDictionary(txn, localGroup.getId());
 		for (Entry<MessageId, BdfDictionary> e : metadata.entrySet()) {
 			BdfDictionary meta = e.getValue();
-			TransportId t = new TransportId(meta.getString("transportId"));
+			TransportId t =
-			long version = meta.getLong("version");
+					new TransportId(meta.getString(MSG_KEY_TRANSPORT_ID));
+			long version = meta.getLong(MSG_KEY_VERSION);
 			latestUpdates.put(t, new LatestUpdate(e.getKey(), version));
 		}
 		return latestUpdates;
@@ -316,9 +357,10 @@ class TransportPropertyManagerImpl implements TransportPropertyManager,
 				clientHelper.getMessageMetadataAsDictionary(txn, g);
 		for (Entry<MessageId, BdfDictionary> e : metadata.entrySet()) {
 			BdfDictionary meta = e.getValue();
-			if (meta.getString("transportId").equals(t.getString())
+			if (meta.getString(MSG_KEY_TRANSPORT_ID).equals(t.getString())
-					&& meta.getBoolean("local") == local) {
+					&& meta.getBoolean(MSG_KEY_LOCAL) == local) {
-				return new LatestUpdate(e.getKey(), meta.getLong("version"));
+				return new LatestUpdate(e.getKey(),
+						meta.getLong(MSG_KEY_VERSION));
 			}
 		}
 		return null;