Don't allow multiple messages to be queued in memory for validation at startup.

Make briar-headless.jar deterministic

See merge request briar/briar!1282

.idea/codeStyles/Project.xml

@@ -1,8 +1,5 @@
 <component name="ProjectCodeStyleConfiguration">
   <code_scheme name="Project" version="173">
-    <AndroidXmlCodeStyleSettings>
-      <option name="ARRANGEMENT_SETTINGS_MIGRATED_TO_191" value="true" />
-    </AndroidXmlCodeStyleSettings>
     <JavaCodeStyleSettings>
       <option name="ANNOTATION_PARAMETER_WRAP" value="1" />
       <option name="IMPORT_LAYOUT_TABLE">

TRANSLATION.md

@@ -0,0 +1,9 @@
+Translations for this project are managed through Transifex:
+
+https://transifex.com/otf/briar
+
+If you'd like to volunteer as a translator, please create a Transifex account and request to be
+added to the project's translation team. The Localization Lab has some instructions and advice for
+translators here:
+
+https://wiki.localizationlab.org/index.php/Briar

bramble-android/build.gradle

@@ -11,8 +11,8 @@ android {
 	defaultConfig {
 		minSdkVersion 16
 		targetSdkVersion 28
-		versionCode 10207
+		versionCode 10209
-		versionName "1.2.7"
+		versionName "1.2.9"
 		consumerProguardFiles 'proguard-rules.txt'
 
 		testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
@@ -38,7 +38,7 @@ configurations {
 
 dependencies {
 	implementation project(path: ':bramble-core', configuration: 'default')
-	tor 'org.briarproject:tor-android:0.3.5.9@zip'
+	tor 'org.briarproject:tor-android:0.3.5.10@zip'
 	tor 'org.briarproject:obfs4proxy-android:0.0.11-2@zip'
 
 	annotationProcessor 'com.google.dagger:dagger-compiler:2.24'

bramble-android/src/main/AndroidManifest.xml

@@ -16,6 +16,8 @@
 		android:label="@string/app_name"
 		android:supportsRtl="true">
 
+		<receiver android:name=".system.AlarmReceiver" />
+
 	</application>
 
 </manifest>

bramble-android/src/main/java/org/briarproject/bramble/BrambleAndroidModule.java

@@ -6,6 +6,8 @@ import org.briarproject.bramble.plugin.tor.CircumventionModule;
 import org.briarproject.bramble.reporting.ReportingModule;
 import org.briarproject.bramble.socks.SocksModule;
 import org.briarproject.bramble.system.AndroidSystemModule;
+import org.briarproject.bramble.system.AndroidTaskSchedulerModule;
+import org.briarproject.bramble.system.AndroidWakefulIoExecutorModule;
 
 import dagger.Module;
 
@@ -13,6 +15,8 @@ import dagger.Module;
 		AndroidBatteryModule.class,
 		AndroidNetworkModule.class,
 		AndroidSystemModule.class,
+		AndroidTaskSchedulerModule.class,
+		AndroidWakefulIoExecutorModule.class,
 		CircumventionModule.class,
 		ReportingModule.class,
 		SocksModule.class

bramble-android/src/main/java/org/briarproject/bramble/BrambleAppComponent.java

@@ -0,0 +1,8 @@
+package org.briarproject.bramble;
+
+import org.briarproject.bramble.api.system.AlarmListener;
+
+public interface BrambleAppComponent {
+
+	AlarmListener alarmListener();
+}

bramble-android/src/main/java/org/briarproject/bramble/BrambleApplication.java

@@ -0,0 +1,6 @@
+package org.briarproject.bramble;
+
+public interface BrambleApplication {
+
+	BrambleAppComponent getBrambleAppComponent();
+}

bramble-android/src/main/java/org/briarproject/bramble/account/AndroidAccountManager.java

@@ -12,6 +12,7 @@ import org.briarproject.bramble.api.identity.IdentityManager;
 
 import java.io.File;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Set;
 import java.util.logging.Logger;
 
@@ -20,6 +21,7 @@ import javax.annotation.concurrent.GuardedBy;
 import javax.inject.Inject;
 
 import static android.os.Build.VERSION.SDK_INT;
+import static java.util.Arrays.asList;
 import static java.util.logging.Level.INFO;
 import static org.briarproject.bramble.util.IoUtils.deleteFileOrDir;
 import static org.briarproject.bramble.util.LogUtils.logFileOrDir;
@@ -30,6 +32,12 @@ class AndroidAccountManager extends AccountManagerImpl
 	private static final Logger LOG =
 			Logger.getLogger(AndroidAccountManager.class.getName());
 
+	/**
+	 * Directories that shouldn't be deleted when deleting the user's account.
+	 */
+	private static final List<String> PROTECTED_DIR_NAMES =
+			asList("cache", "code_cache", "lib", "shared_prefs");
+
 	protected final Context appContext;
 	private final SharedPreferences prefs;
 
@@ -81,7 +89,7 @@ class AndroidAccountManager extends AccountManagerImpl
 			if (!prefs.edit().clear().commit())
 				LOG.warning("Could not clear shared preferences");
 		}
-		// Delete files, except lib and shared_prefs directories
+		// Delete files, except protected directories
 		Set<File> files = new HashSet<>();
 		File dataDir = getDataDir();
 		@Nullable
@@ -90,14 +98,12 @@ class AndroidAccountManager extends AccountManagerImpl
 			LOG.warning("Could not list files in app data dir");
 		} else {
 			for (File file : fileArray) {
-				String name = file.getName();
+				if (!PROTECTED_DIR_NAMES.contains(file.getName())) {
-				if (!name.equals("lib") && !name.equals("shared_prefs")) {
 					files.add(file);
 				}
 			}
 		}
 		files.add(appContext.getFilesDir());
-		files.add(appContext.getCacheDir());
 		addIfNotNull(files, appContext.getExternalCacheDir());
 		if (SDK_INT >= 19) {
 			for (File file : appContext.getExternalCacheDirs()) {
@@ -109,12 +115,16 @@ class AndroidAccountManager extends AccountManagerImpl
 				addIfNotNull(files, file);
 			}
 		}
+		// Clear the cache directory but don't delete it
+		File cacheDir = appContext.getCacheDir();
+		File[] children = cacheDir.listFiles();
+		if (children != null) files.addAll(asList(children));
 		for (File file : files) {
+			if (LOG.isLoggable(INFO)) {
+				LOG.info("Deleting " + file.getAbsolutePath());
+			}
 			deleteFileOrDir(file);
 		}
-		// Recreate the cache dir as some OpenGL drivers expect it to exist
-		if (!new File(dataDir, "cache").mkdirs())
-			LOG.warning("Could not recreate cache dir");
 	}
 
 	private File getDataDir() {

bramble-android/src/main/java/org/briarproject/bramble/api/system/AlarmListener.java

@@ -0,0 +1,11 @@
+package org.briarproject.bramble.api.system;
+
+import android.content.Intent;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+@NotNullByDefault
+public interface AlarmListener {
+
+	void onAlarm(Intent intent);
+}

bramble-android/src/main/java/org/briarproject/bramble/api/system/AndroidWakeLock.java

@@ -0,0 +1,19 @@
+package org.briarproject.bramble.api.system;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+@NotNullByDefault
+public interface AndroidWakeLock {
+
+	/**
+	 * Acquires the wake lock. This has no effect if the wake lock has already
+	 * been acquired.
+	 */
+	void acquire();
+
+	/**
+	 * Releases the wake lock. This has no effect if the wake lock has already
+	 * been released.
+	 */
+	void release();
+}

bramble-android/src/main/java/org/briarproject/bramble/api/system/AndroidWakeLockManager.java

@@ -0,0 +1,38 @@
+package org.briarproject.bramble.api.system;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import java.util.concurrent.Executor;
+
+@NotNullByDefault
+public interface AndroidWakeLockManager {
+
+	/**
+	 * Creates a wake lock with the given tag. The tag is only used for
+	 * logging; the underlying OS wake lock will use its own tag.
+	 */
+	AndroidWakeLock createWakeLock(String tag);
+
+	/**
+	 * Runs the given task while holding a wake lock.
+	 */
+	void runWakefully(Runnable r, String tag);
+
+	/**
+	 * Submits the given task to the given executor while holding a wake lock.
+	 * The lock is released when the task completes, or if an exception is
+	 * thrown while submitting or running the task.
+	 */
+	void executeWakefully(Runnable r, Executor executor, String tag);
+
+	/**
+	 * Starts a dedicated thread to run the given task asynchronously. A wake
+	 * lock is acquired before starting the thread and released when the task
+	 * completes, or if an exception is thrown while starting the thread or
+	 * running the task.
+	 * <p>
+	 * This method should only be used for lifecycle management tasks that
+	 * can't be run on an executor.
+	 */
+	void executeWakefully(Runnable r, String tag);
+}

bramble-android/src/main/java/org/briarproject/bramble/network/AndroidNetworkManager.java

@@ -9,16 +9,17 @@ import android.net.ConnectivityManager;
 import android.net.NetworkInfo;
 
 import org.briarproject.bramble.api.event.EventBus;
+import org.briarproject.bramble.api.event.EventExecutor;
 import org.briarproject.bramble.api.lifecycle.Service;
 import org.briarproject.bramble.api.network.NetworkManager;
 import org.briarproject.bramble.api.network.NetworkStatus;
 import org.briarproject.bramble.api.network.event.NetworkStatusEvent;
 import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
 import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
-import org.briarproject.bramble.api.system.Scheduler;
+import org.briarproject.bramble.api.system.TaskScheduler;
+import org.briarproject.bramble.api.system.TaskScheduler.Cancellable;
 
-import java.util.concurrent.Future;
+import java.util.concurrent.Executor;
-import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicReference;
@@ -32,6 +33,7 @@ import static android.content.Intent.ACTION_SCREEN_OFF;
 import static android.content.Intent.ACTION_SCREEN_ON;
 import static android.net.ConnectivityManager.CONNECTIVITY_ACTION;
 import static android.net.ConnectivityManager.TYPE_WIFI;
+import static android.net.wifi.p2p.WifiP2pManager.WIFI_P2P_THIS_DEVICE_CHANGED_ACTION;
 import static android.os.Build.VERSION.SDK_INT;
 import static android.os.PowerManager.ACTION_DEVICE_IDLE_MODE_CHANGED;
 import static java.util.concurrent.TimeUnit.MINUTES;
@@ -49,20 +51,22 @@ class AndroidNetworkManager implements NetworkManager, Service {
 	private static final String WIFI_AP_STATE_CHANGED_ACTION =
 			"android.net.wifi.WIFI_AP_STATE_CHANGED";
 
-	private final ScheduledExecutorService scheduler;
+	private final TaskScheduler scheduler;
 	private final EventBus eventBus;
+	private final Executor eventExecutor;
 	private final Context appContext;
-	private final AtomicReference<Future<?>> connectivityCheck =
+	private final AtomicReference<Cancellable> connectivityCheck =
 			new AtomicReference<>();
 	private final AtomicBoolean used = new AtomicBoolean(false);
 
 	private volatile BroadcastReceiver networkStateReceiver = null;
 
 	@Inject
-	AndroidNetworkManager(@Scheduler ScheduledExecutorService scheduler,
+	AndroidNetworkManager(TaskScheduler scheduler, EventBus eventBus,
-			EventBus eventBus, Application app) {
+			@EventExecutor Executor eventExecutor, Application app) {
 		this.scheduler = scheduler;
 		this.eventBus = eventBus;
+		this.eventExecutor = eventExecutor;
 		this.appContext = app.getApplicationContext();
 	}
 
@@ -76,9 +80,9 @@ class AndroidNetworkManager implements NetworkManager, Service {
 		filter.addAction(ACTION_SCREEN_ON);
 		filter.addAction(ACTION_SCREEN_OFF);
 		filter.addAction(WIFI_AP_STATE_CHANGED_ACTION);
+		filter.addAction(WIFI_P2P_THIS_DEVICE_CHANGED_ACTION);
 		if (SDK_INT >= 23) filter.addAction(ACTION_DEVICE_IDLE_MODE_CHANGED);
 		appContext.registerReceiver(networkStateReceiver, filter);
-
 	}
 
 	@Override
@@ -103,11 +107,12 @@ class AndroidNetworkManager implements NetworkManager, Service {
 	}
 
 	private void scheduleConnectionStatusUpdate(int delay, TimeUnit unit) {
-		Future<?> newConnectivityCheck =
+		Cancellable newConnectivityCheck =
-				scheduler.schedule(this::updateConnectionStatus, delay, unit);
+				scheduler.schedule(this::updateConnectionStatus, eventExecutor,
-		Future<?> oldConnectivityCheck =
+						delay, unit);
+		Cancellable oldConnectivityCheck =
 				connectivityCheck.getAndSet(newConnectivityCheck);
-		if (oldConnectivityCheck != null) oldConnectivityCheck.cancel(false);
+		if (oldConnectivityCheck != null) oldConnectivityCheck.cancel();
 	}
 
 	private class NetworkStateReceiver extends BroadcastReceiver {
@@ -136,7 +141,8 @@ class AndroidNetworkManager implements NetworkManager, Service {
 		}
 
 		private boolean isApEvent(@Nullable String action) {
-			return WIFI_AP_STATE_CHANGED_ACTION.equals(action);
+			return WIFI_AP_STATE_CHANGED_ACTION.equals(action) ||
+					WIFI_P2P_THIS_DEVICE_CHANGED_ACTION.equals(action);
 		}
 	}
 }

bramble-android/src/main/java/org/briarproject/bramble/plugin/bluetooth/AndroidBluetoothConnectionFactory.java

@@ -0,0 +1,36 @@
+package org.briarproject.bramble.plugin.bluetooth;
+
+import android.bluetooth.BluetoothSocket;
+
+import org.briarproject.bramble.api.io.TimeoutMonitor;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.duplex.DuplexPlugin;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.system.AndroidWakeLockManager;
+
+import java.io.IOException;
+
+@NotNullByDefault
+class AndroidBluetoothConnectionFactory
+		implements BluetoothConnectionFactory<BluetoothSocket> {
+
+	private final BluetoothConnectionLimiter connectionLimiter;
+	private final AndroidWakeLockManager wakeLockManager;
+	private final TimeoutMonitor timeoutMonitor;
+
+	AndroidBluetoothConnectionFactory(
+			BluetoothConnectionLimiter connectionLimiter,
+			AndroidWakeLockManager wakeLockManager,
+			TimeoutMonitor timeoutMonitor) {
+		this.connectionLimiter = connectionLimiter;
+		this.wakeLockManager = wakeLockManager;
+		this.timeoutMonitor = timeoutMonitor;
+	}
+
+	@Override
+	public DuplexTransportConnection wrapSocket(DuplexPlugin plugin,
+			BluetoothSocket s) throws IOException {
+		return new AndroidBluetoothTransportConnection(plugin,
+				connectionLimiter, wakeLockManager, timeoutMonitor, s);
+	}
+}

bramble-android/src/main/java/org/briarproject/bramble/plugin/bluetooth/AndroidBluetoothPlugin.java

@@ -1,5 +1,6 @@
 package org.briarproject.bramble.plugin.bluetooth;
 
+import android.app.Application;
 import android.bluetooth.BluetoothAdapter;
 import android.bluetooth.BluetoothDevice;
 import android.bluetooth.BluetoothServerSocket;
@@ -58,7 +59,8 @@ import static org.briarproject.bramble.util.PrivacyUtils.scrubMacAddress;
 
 @MethodsNotNullByDefault
 @ParametersNotNullByDefault
-class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
+class AndroidBluetoothPlugin
+		extends BluetoothPlugin<BluetoothSocket, BluetoothServerSocket> {
 
 	private static final Logger LOG =
 			getLogger(AndroidBluetoothPlugin.class.getName());
@@ -66,23 +68,31 @@ class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 	private static final int MAX_DISCOVERY_MS = 10_000;
 
 	private final AndroidExecutor androidExecutor;
-	private final Context appContext;
+	private final Application app;
 	private final Clock clock;
 
-	private volatile boolean wasEnabledByUs = false;
 	private volatile BluetoothStateReceiver receiver = null;
 
 	// Non-null if the plugin started successfully
 	private volatile BluetoothAdapter adapter = null;
 
 	AndroidBluetoothPlugin(BluetoothConnectionLimiter connectionLimiter,
-			Executor ioExecutor, AndroidExecutor androidExecutor,
+			BluetoothConnectionFactory<BluetoothSocket> connectionFactory,
-			Context appContext, SecureRandom secureRandom, Clock clock,
+			Executor ioExecutor,
-			Backoff backoff, PluginCallback callback, int maxLatency) {
+			Executor wakefulIoExecutor,
-		super(connectionLimiter, ioExecutor, secureRandom, backoff, callback,
+			SecureRandom secureRandom,
-				maxLatency);
+			AndroidExecutor androidExecutor,
+			Application app,
+			Clock clock,
+			Backoff backoff,
+			PluginCallback callback,
+			int maxLatency,
+			int maxIdleTime) {
+		super(connectionLimiter, connectionFactory, ioExecutor,
+				wakefulIoExecutor, secureRandom, backoff, callback,
+				maxLatency, maxIdleTime);
 		this.androidExecutor = androidExecutor;
-		this.appContext = appContext;
+		this.app = app;
 		this.clock = clock;
 	}
 
@@ -94,13 +104,13 @@ class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 		filter.addAction(ACTION_STATE_CHANGED);
 		filter.addAction(ACTION_SCAN_MODE_CHANGED);
 		receiver = new BluetoothStateReceiver();
-		appContext.registerReceiver(receiver, filter);
+		app.registerReceiver(receiver, filter);
 	}
 
 	@Override
 	public void stop() {
 		super.stop();
-		if (receiver != null) appContext.unregisterReceiver(receiver);
+		if (receiver != null) app.unregisterReceiver(receiver);
 	}
 
 	@Override
@@ -122,36 +132,10 @@ class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 		return adapter != null && adapter.isEnabled();
 	}
 
-	@Override
-	void enableAdapter() {
-		if (adapter != null && !adapter.isEnabled()) {
-			if (adapter.enable()) {
-				LOG.info("Enabling Bluetooth");
-				wasEnabledByUs = true;
-			} else {
-				LOG.info("Could not enable Bluetooth");
-			}
-		}
-	}
-
-	@Override
-	void disableAdapterIfEnabledByUs() {
-		if (isAdapterEnabled() && wasEnabledByUs) {
-			if (adapter.disable()) LOG.info("Disabling Bluetooth");
-			else LOG.info("Could not disable Bluetooth");
-			wasEnabledByUs = false;
-		}
-	}
-
-	@Override
-	void setEnabledByUs() {
-		wasEnabledByUs = true;
-	}
-
 	@Override
 	@Nullable
 	String getBluetoothAddress() {
-		String address = AndroidUtils.getBluetoothAddress(appContext, adapter);
+		String address = AndroidUtils.getBluetoothAddress(app, adapter);
 		return address.isEmpty() ? null : address;
 	}
 
@@ -169,12 +153,7 @@ class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 	@Override
 	DuplexTransportConnection acceptConnection(BluetoothServerSocket ss)
 			throws IOException {
-		return wrapSocket(ss.accept());
+		return connectionFactory.wrapSocket(this, ss.accept());
-	}
-
-	private DuplexTransportConnection wrapSocket(BluetoothSocket s) {
-		return new AndroidBluetoothTransportConnection(this,
-				connectionLimiter, s);
 	}
 
 	@Override
@@ -191,7 +170,7 @@ class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 		try {
 			s = d.createInsecureRfcommSocketToServiceRecord(u);
 			s.connect();
-			return wrapSocket(s);
+			return connectionFactory.wrapSocket(this, s);
 		} catch (IOException e) {
 			IoUtils.tryToClose(s, LOG, WARNING);
 			throw e;
@@ -226,7 +205,7 @@ class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 		filter.addAction(ACTION_DISCOVERY_STARTED);
 		filter.addAction(ACTION_DISCOVERY_FINISHED);
 		filter.addAction(ACTION_FOUND);
-		appContext.registerReceiver(receiver, filter);
+		app.registerReceiver(receiver, filter);
 		try {
 			if (adapter.startDiscovery()) {
 				long now = clock.currentTimeMillis();
@@ -263,7 +242,7 @@ class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 		} finally {
 			LOG.info("Cancelling discovery");
 			adapter.cancelDiscovery();
-			appContext.unregisterReceiver(receiver);
+			app.unregisterReceiver(receiver);
 		}
 		// Shuffle the addresses so we don't always try the same one first
 		shuffle(addresses);

bramble-android/src/main/java/org/briarproject/bramble/plugin/bluetooth/AndroidBluetoothPluginFactory.java

@@ -1,8 +1,11 @@
 package org.briarproject.bramble.plugin.bluetooth;
 
-import android.content.Context;
+import android.app.Application;
+import android.bluetooth.BluetoothSocket;
 
 import org.briarproject.bramble.api.event.EventBus;
+import org.briarproject.bramble.api.io.TimeoutMonitor;
+import org.briarproject.bramble.api.lifecycle.IoExecutor;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.BackoffFactory;
@@ -11,12 +14,15 @@ import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPlugin;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPluginFactory;
 import org.briarproject.bramble.api.system.AndroidExecutor;
+import org.briarproject.bramble.api.system.AndroidWakeLockManager;
 import org.briarproject.bramble.api.system.Clock;
+import org.briarproject.bramble.api.system.WakefulIoExecutor;
 
 import java.security.SecureRandom;
 import java.util.concurrent.Executor;
 
 import javax.annotation.concurrent.Immutable;
+import javax.inject.Inject;
 
 import static org.briarproject.bramble.api.plugin.BluetoothConstants.ID;
 
@@ -25,28 +31,41 @@ import static org.briarproject.bramble.api.plugin.BluetoothConstants.ID;
 public class AndroidBluetoothPluginFactory implements DuplexPluginFactory {
 
 	private static final int MAX_LATENCY = 30 * 1000; // 30 seconds
+	private static final int MAX_IDLE_TIME = 30 * 1000; // 30 seconds
 	private static final int MIN_POLLING_INTERVAL = 60 * 1000; // 1 minute
 	private static final int MAX_POLLING_INTERVAL = 10 * 60 * 1000; // 10 mins
 	private static final double BACKOFF_BASE = 1.2;
 
-	private final Executor ioExecutor;
+	private final Executor ioExecutor, wakefulIoExecutor;
 	private final AndroidExecutor androidExecutor;
-	private final Context appContext;
+	private final AndroidWakeLockManager wakeLockManager;
+	private final Application app;
 	private final SecureRandom secureRandom;
 	private final EventBus eventBus;
 	private final Clock clock;
+	private final TimeoutMonitor timeoutMonitor;
 	private final BackoffFactory backoffFactory;
 
-	public AndroidBluetoothPluginFactory(Executor ioExecutor,
+	@Inject
-			AndroidExecutor androidExecutor, Context appContext,
+	public AndroidBluetoothPluginFactory(@IoExecutor Executor ioExecutor,
-			SecureRandom secureRandom, EventBus eventBus, Clock clock,
+			@WakefulIoExecutor Executor wakefulIoExecutor,
+			AndroidExecutor androidExecutor,
+			AndroidWakeLockManager wakeLockManager,
+			Application app,
+			SecureRandom secureRandom,
+			EventBus eventBus,
+			Clock clock,
+			TimeoutMonitor timeoutMonitor,
 			BackoffFactory backoffFactory) {
 		this.ioExecutor = ioExecutor;
+		this.wakefulIoExecutor = wakefulIoExecutor;
 		this.androidExecutor = androidExecutor;
-		this.appContext = appContext;
+		this.wakeLockManager = wakeLockManager;
+		this.app = app;
 		this.secureRandom = secureRandom;
 		this.eventBus = eventBus;
 		this.clock = clock;
+		this.timeoutMonitor = timeoutMonitor;
 		this.backoffFactory = backoffFactory;
 	}
 
@@ -63,12 +82,16 @@ public class AndroidBluetoothPluginFactory implements DuplexPluginFactory {
 	@Override
 	public DuplexPlugin createPlugin(PluginCallback callback) {
 		BluetoothConnectionLimiter connectionLimiter =
-				new BluetoothConnectionLimiterImpl();
+				new BluetoothConnectionLimiterImpl(eventBus);
+		BluetoothConnectionFactory<BluetoothSocket> connectionFactory =
+				new AndroidBluetoothConnectionFactory(connectionLimiter,
+						wakeLockManager, timeoutMonitor);
 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,
 				MAX_POLLING_INTERVAL, BACKOFF_BASE);
 		AndroidBluetoothPlugin plugin = new AndroidBluetoothPlugin(
-				connectionLimiter, ioExecutor, androidExecutor, appContext,
+				connectionLimiter, connectionFactory, ioExecutor,
-				secureRandom, clock, backoff, callback, MAX_LATENCY);
+				wakefulIoExecutor, secureRandom, androidExecutor, app,
+				clock, backoff, callback, MAX_LATENCY, MAX_IDLE_TIME);
 		eventBus.addListener(plugin);
 		return plugin;
 	}

bramble-android/src/main/java/org/briarproject/bramble/plugin/bluetooth/AndroidBluetoothTransportConnection.java

@@ -2,32 +2,48 @@ package org.briarproject.bramble.plugin.bluetooth;
 
 import android.bluetooth.BluetoothSocket;
 
+import org.briarproject.bramble.api.io.TimeoutMonitor;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Plugin;
 import org.briarproject.bramble.api.plugin.duplex.AbstractDuplexTransportConnection;
+import org.briarproject.bramble.api.system.AndroidWakeLock;
+import org.briarproject.bramble.api.system.AndroidWakeLockManager;
 
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 
+import static org.briarproject.bramble.api.plugin.BluetoothConstants.PROP_ADDRESS;
+import static org.briarproject.bramble.util.AndroidUtils.isValidBluetoothAddress;
+
 @NotNullByDefault
 class AndroidBluetoothTransportConnection
 		extends AbstractDuplexTransportConnection {
 
-	private final BluetoothConnectionLimiter connectionManager;
+	private final BluetoothConnectionLimiter connectionLimiter;
 	private final BluetoothSocket socket;
+	private final InputStream in;
+	private final AndroidWakeLock wakeLock;
 
 	AndroidBluetoothTransportConnection(Plugin plugin,
-			BluetoothConnectionLimiter connectionManager,
+			BluetoothConnectionLimiter connectionLimiter,
-			BluetoothSocket socket) {
+			AndroidWakeLockManager wakeLockManager,
+			TimeoutMonitor timeoutMonitor,
+			BluetoothSocket socket) throws IOException {
 		super(plugin);
-		this.connectionManager = connectionManager;
+		this.connectionLimiter = connectionLimiter;
 		this.socket = socket;
+		in = timeoutMonitor.createTimeoutInputStream(
+				socket.getInputStream(), plugin.getMaxIdleTime() * 2);
+		wakeLock = wakeLockManager.createWakeLock("BluetoothConnection");
+		wakeLock.acquire();
+		String address = socket.getRemoteDevice().getAddress();
+		if (isValidBluetoothAddress(address)) remote.put(PROP_ADDRESS, address);
 	}
 
 	@Override
-	protected InputStream getInputStream() throws IOException {
+	protected InputStream getInputStream() {
-		return socket.getInputStream();
+		return in;
 	}
 
 	@Override
@@ -39,8 +55,10 @@ class AndroidBluetoothTransportConnection
 	protected void closeConnection(boolean exception) throws IOException {
 		try {
 			socket.close();
+			in.close();
 		} finally {
-			connectionManager.connectionClosed(this);
+			wakeLock.release();
+			connectionLimiter.connectionClosed(this);
 		}
 	}
 }

bramble-android/src/main/java/org/briarproject/bramble/plugin/tcp/AndroidLanTcpPlugin.java

@@ -1,25 +1,32 @@
 package org.briarproject.bramble.plugin.tcp;
 
-import android.content.Context;
+import android.annotation.TargetApi;
+import android.app.Application;
 import android.net.ConnectivityManager;
+import android.net.LinkAddress;
+import android.net.LinkProperties;
 import android.net.Network;
-import android.net.NetworkInfo;
+import android.net.NetworkCapabilities;
 import android.net.wifi.WifiInfo;
 import android.net.wifi.WifiManager;
 
 import org.briarproject.bramble.PoliteExecutor;
+import org.briarproject.bramble.api.Pair;
 import org.briarproject.bramble.api.event.Event;
-import org.briarproject.bramble.api.event.EventListener;
 import org.briarproject.bramble.api.network.event.NetworkStatusEvent;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.PluginCallback;
+import org.briarproject.bramble.api.settings.Settings;
 
 import java.io.IOException;
 import java.net.InetAddress;
+import java.net.InterfaceAddress;
+import java.net.NetworkInterface;
 import java.net.Socket;
+import java.net.SocketException;
 import java.net.UnknownHostException;
-import java.util.Collection;
+import java.util.List;
 import java.util.concurrent.Executor;
 import java.util.logging.Logger;
 
@@ -28,31 +35,26 @@ import javax.net.SocketFactory;
 
 import static android.content.Context.CONNECTIVITY_SERVICE;
 import static android.content.Context.WIFI_SERVICE;
-import static android.net.ConnectivityManager.TYPE_WIFI;
+import static android.net.NetworkCapabilities.TRANSPORT_WIFI;
 import static android.os.Build.VERSION.SDK_INT;
 import static java.util.Collections.emptyList;
+import static java.util.Collections.list;
 import static java.util.Collections.singletonList;
+import static java.util.logging.Level.WARNING;
 import static java.util.logging.Logger.getLogger;
+import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;
+import static org.briarproject.bramble.api.plugin.LanTcpConstants.DEFAULT_PREF_PLUGIN_ENABLE;
+import static org.briarproject.bramble.api.plugin.Plugin.State.ACTIVE;
+import static org.briarproject.bramble.api.plugin.Plugin.State.INACTIVE;
+import static org.briarproject.bramble.util.IoUtils.tryToClose;
+import static org.briarproject.bramble.util.LogUtils.logException;
 
 @NotNullByDefault
-class AndroidLanTcpPlugin extends LanTcpPlugin implements EventListener {
+class AndroidLanTcpPlugin extends LanTcpPlugin {
 
 	private static final Logger LOG =
 			getLogger(AndroidLanTcpPlugin.class.getName());
 
-	private static final byte[] WIFI_AP_ADDRESS_BYTES =
-			{(byte) 192, (byte) 168, 43, 1};
-	private static final InetAddress WIFI_AP_ADDRESS;
-
-	static {
-		try {
-			WIFI_AP_ADDRESS = InetAddress.getByAddress(WIFI_AP_ADDRESS_BYTES);
-		} catch (UnknownHostException e) {
-			// Should only be thrown if the address has an illegal length
-			throw new AssertionError(e);
-		}
-	}
-
 	private final Executor connectionStatusExecutor;
 	private final ConnectivityManager connectivityManager;
 	@Nullable
@@ -60,53 +62,160 @@ class AndroidLanTcpPlugin extends LanTcpPlugin implements EventListener {
 
 	private volatile SocketFactory socketFactory;
 
-	AndroidLanTcpPlugin(Executor ioExecutor, Context appContext,
+	AndroidLanTcpPlugin(Executor ioExecutor,
-			Backoff backoff, PluginCallback callback, int maxLatency,
+			Executor wakefulIoExecutor,
-			int maxIdleTime) {
+			Application app,
-		super(ioExecutor, backoff, callback, maxLatency, maxIdleTime);
+			Backoff backoff,
+			PluginCallback callback,
+			int maxLatency,
+			int maxIdleTime,
+			int connectionTimeout) {
+		super(ioExecutor, wakefulIoExecutor, backoff, callback, maxLatency,
+				maxIdleTime, connectionTimeout);
 		// Don't execute more than one connection status check at a time
 		connectionStatusExecutor =
 				new PoliteExecutor("AndroidLanTcpPlugin", ioExecutor, 1);
-		ConnectivityManager connectivityManager = (ConnectivityManager)
+		connectivityManager = (ConnectivityManager)
-				appContext.getSystemService(CONNECTIVITY_SERVICE);
+				requireNonNull(app.getSystemService(CONNECTIVITY_SERVICE));
-		if (connectivityManager == null) throw new AssertionError();
+		wifiManager = (WifiManager) app.getSystemService(WIFI_SERVICE);
-		this.connectivityManager = connectivityManager;
-		wifiManager = (WifiManager) appContext.getApplicationContext()
-				.getSystemService(WIFI_SERVICE);
 		socketFactory = SocketFactory.getDefault();
 	}
 
 	@Override
 	public void start() {
 		if (used.getAndSet(true)) throw new IllegalStateException();
-		running = true;
+		initialisePortProperty();
+		Settings settings = callback.getSettings();
+		state.setStarted(settings.getBoolean(PREF_PLUGIN_ENABLE,
+				DEFAULT_PREF_PLUGIN_ENABLE));
 		updateConnectionStatus();
 	}
 
-	@Override
-	public void stop() {
-		running = false;
-		tryToClose(socket);
-	}
-
 	@Override
 	protected Socket createSocket() throws IOException {
 		return socketFactory.createSocket();
 	}
 
 	@Override
-	protected Collection<InetAddress> getLocalIpAddresses() {
+	protected List<InetAddress> getUsableLocalInetAddresses(boolean ipv4) {
-		// If the device doesn't have wifi, don't open any sockets
+		InetAddress addr = getWifiAddress(ipv4);
-		if (wifiManager == null) return emptyList();
+		return addr == null ? emptyList() : singletonList(addr);
-		// If we're connected to a wifi network, use that network
+	}
+
+	@Nullable
+	private InetAddress getWifiAddress(boolean ipv4) {
+		Pair<InetAddress, Boolean> wifi = getWifiIpv4Address();
+		if (ipv4) return wifi == null ? null : wifi.getFirst();
+		// If there's no wifi IPv4 address, we might be a client on an
+		// IPv6-only wifi network. We can only detect this on API 21+
+		if (wifi == null) {
+			return SDK_INT >= 21 ? getWifiClientIpv6Address() : null;
+		}
+		// Use the wifi IPv4 address to determine which interface's IPv6
+		// address we should return (if the interface has a suitable address)
+		return getIpv6AddressForInterface(wifi.getFirst());
+	}
+
+	/**
+	 * Returns a {@link Pair} where the first element is the IPv4 address of
+	 * the wifi interface and the second element is true if this device is
+	 * providing an access point, or false if this device is a client. Returns
+	 * null if this device isn't connected to wifi as an access point or client.
+	 */
+	@Nullable
+	private Pair<InetAddress, Boolean> getWifiIpv4Address() {
+		if (wifiManager == null) return null;
+		// If we're connected to a wifi network, return its address
 		WifiInfo info = wifiManager.getConnectionInfo();
-		if (info != null && info.getIpAddress() != 0)
+		if (info != null && info.getIpAddress() != 0) {
-			return singletonList(intToInetAddress(info.getIpAddress()));
+			return new Pair<>(intToInetAddress(info.getIpAddress()), false);
-		// If we're running an access point, return its address
+		}
-		if (super.getLocalIpAddresses().contains(WIFI_AP_ADDRESS))
+		List<InterfaceAddress> ifAddrs = getLocalInterfaceAddresses();
-			return singletonList(WIFI_AP_ADDRESS);
+		// If we're providing a normal access point, return its address
-		// No suitable addresses
+		for (InterfaceAddress ifAddr : ifAddrs) {
-		return emptyList();
+			if (isAndroidWifiApAddress(ifAddr)) {
+				return new Pair<>(ifAddr.getAddress(), true);
+			}
+		}
+		// If we're providing a wifi direct access point, return its address
+		for (InterfaceAddress ifAddr : ifAddrs) {
+			if (isAndroidWifiDirectApAddress(ifAddr)) {
+				return new Pair<>(ifAddr.getAddress(), true);
+			}
+		}
+		// Not connected to wifi
+		return null;
+	}
+
+	/**
+	 * Returns true if the given address belongs to a network provided by an
+	 * Android access point (including the access point's own address).
+	 * <p>
+	 * The access point's address is usually 192.168.43.1, but at least one
+	 * device (Honor 8A) may use other addresses in the range 192.168.43.0/24.
+	 */
+	private boolean isAndroidWifiApAddress(InterfaceAddress ifAddr) {
+		if (ifAddr.getNetworkPrefixLength() != 24) return false;
+		byte[] ip = ifAddr.getAddress().getAddress();
+		return ip.length == 4
+				&& ip[0] == (byte) 192
+				&& ip[1] == (byte) 168
+				&& ip[2] == (byte) 43;
+	}
+
+	/**
+	 * Returns true if the given address belongs to a network provided by an
+	 * Android wifi direct legacy mode access point (including the access
+	 * point's own address).
+	 */
+	private boolean isAndroidWifiDirectApAddress(InterfaceAddress ifAddr) {
+		if (ifAddr.getNetworkPrefixLength() != 24) return false;
+		byte[] ip = ifAddr.getAddress().getAddress();
+		return ip.length == 4
+				&& ip[0] == (byte) 192
+				&& ip[1] == (byte) 168
+				&& ip[2] == (byte) 49;
+	}
+
+	/**
+	 * Returns a link-local IPv6 address for the wifi client interface, or null
+	 * if there's no such interface or it doesn't have a suitable address.
+	 */
+	@TargetApi(21)
+	@Nullable
+	private InetAddress getWifiClientIpv6Address() {
+		for (Network net : connectivityManager.getAllNetworks()) {
+			NetworkCapabilities caps =
+					connectivityManager.getNetworkCapabilities(net);
+			if (caps == null || !caps.hasTransport(TRANSPORT_WIFI)) continue;
+			LinkProperties props = connectivityManager.getLinkProperties(net);
+			if (props == null) continue;
+			for (LinkAddress linkAddress : props.getLinkAddresses()) {
+				InetAddress addr = linkAddress.getAddress();
+				if (isIpv6LinkLocalAddress(addr)) return addr;
+			}
+		}
+		return null;
+	}
+
+	/**
+	 * Returns a link-local IPv6 address for the interface with the given IPv4
+	 * address, or null if the interface doesn't have a suitable address.
+	 */
+	@Nullable
+	private InetAddress getIpv6AddressForInterface(InetAddress ipv4) {
+		try {
+			NetworkInterface iface = NetworkInterface.getByInetAddress(ipv4);
+			if (iface == null) return null;
+			for (InetAddress addr : list(iface.getInetAddresses())) {
+				if (isIpv6LinkLocalAddress(addr)) return addr;
+			}
+			// No suitable address
+			return null;
+		} catch (SocketException e) {
+			logException(LOG, WARNING, e);
+			return null;
+		}
 	}
 
 	private InetAddress intToInetAddress(int ip) {
@@ -128,9 +237,11 @@ class AndroidLanTcpPlugin extends LanTcpPlugin implements EventListener {
 	private SocketFactory getSocketFactory() {
 		if (SDK_INT < 21) return SocketFactory.getDefault();
 		for (Network net : connectivityManager.getAllNetworks()) {
-			NetworkInfo info = connectivityManager.getNetworkInfo(net);
+			NetworkCapabilities caps =
-			if (info != null && info.getType() == TYPE_WIFI)
+					connectivityManager.getNetworkCapabilities(net);
+			if (caps != null && caps.hasTransport(TRANSPORT_WIFI)) {
 				return net.getSocketFactory();
+			}
 		}
 		LOG.warning("Could not find suitable socket factory");
 		return SocketFactory.getDefault();
@@ -138,30 +249,59 @@ class AndroidLanTcpPlugin extends LanTcpPlugin implements EventListener {
 
 	@Override
 	public void eventOccurred(Event e) {
+		super.eventOccurred(e);
 		if (e instanceof NetworkStatusEvent) updateConnectionStatus();
 	}
 
 	private void updateConnectionStatus() {
 		connectionStatusExecutor.execute(() -> {
-			if (!running) return;
+			State s = getState();
-			Collection<InetAddress> addrs = getLocalIpAddresses();
+			if (s != ACTIVE && s != INACTIVE) return;
-			if (addrs.contains(WIFI_AP_ADDRESS)) {
+			Pair<InetAddress, Boolean> wifi = getPreferredWifiAddress();
+			if (wifi == null) {
+				LOG.info("Not connected to wifi");
+				socketFactory = SocketFactory.getDefault();
+				// Server sockets may not have been closed automatically when
+				// interface was taken down. If any sockets are open, closing
+				// them here will cause the sockets to be cleared and the state
+				// to be updated in acceptContactConnections()
+				if (s == ACTIVE) {
+					LOG.info("Closing server sockets");
+					tryToClose(state.getServerSocket(true), LOG, WARNING);
+					tryToClose(state.getServerSocket(false), LOG, WARNING);
+				}
+			} else if (wifi.getSecond()) {
 				LOG.info("Providing wifi hotspot");
 				// There's no corresponding Network object and thus no way
 				// to get a suitable socket factory, so we won't be able to
 				// make outgoing connections on API 21+ if another network
 				// has internet access
 				socketFactory = SocketFactory.getDefault();
-				if (socket == null || socket.isClosed()) bind();
+				bind();
-			} else if (addrs.isEmpty()) {
-				LOG.info("Not connected to wifi");
-				socketFactory = SocketFactory.getDefault();
-				tryToClose(socket);
 			} else {
 				LOG.info("Connected to wifi");
 				socketFactory = getSocketFactory();
-				if (socket == null || socket.isClosed()) bind();
+				bind();
 			}
 		});
 	}
+
+	/**
+	 * Returns a {@link Pair} where the first element is an IP address (IPv4 if
+	 * available, otherwise IPv6) of the wifi interface and the second element
+	 * is true if this device is providing an access point, or false if this
+	 * device is a client. Returns null if this device isn't connected to wifi
+	 * as an access point or client.
+	 */
+	@Nullable
+	private Pair<InetAddress, Boolean> getPreferredWifiAddress() {
+		Pair<InetAddress, Boolean> wifi = getWifiIpv4Address();
+		// If there's no wifi IPv4 address, we might be a client on an
+		// IPv6-only wifi network. We can only detect this on API 21+
+		if (wifi == null && SDK_INT >= 21) {
+			InetAddress ipv6 = getWifiClientIpv6Address();
+			if (ipv6 != null) return new Pair<>(ipv6, false);
+		}
+		return wifi;
+	}
 }

bramble-android/src/main/java/org/briarproject/bramble/plugin/tcp/AndroidLanTcpPluginFactory.java

@@ -1,8 +1,9 @@
 package org.briarproject.bramble.plugin.tcp;
 
-import android.content.Context;
+import android.app.Application;
 
 import org.briarproject.bramble.api.event.EventBus;
+import org.briarproject.bramble.api.lifecycle.IoExecutor;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.BackoffFactory;
@@ -10,10 +11,12 @@ import org.briarproject.bramble.api.plugin.PluginCallback;
 import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPlugin;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPluginFactory;
+import org.briarproject.bramble.api.system.WakefulIoExecutor;
 
 import java.util.concurrent.Executor;
 
 import javax.annotation.concurrent.Immutable;
+import javax.inject.Inject;
 
 import static org.briarproject.bramble.api.plugin.LanTcpConstants.ID;
 
@@ -21,23 +24,29 @@ import static org.briarproject.bramble.api.plugin.LanTcpConstants.ID;
 @NotNullByDefault
 public class AndroidLanTcpPluginFactory implements DuplexPluginFactory {
 
-	private static final int MAX_LATENCY = 30 * 1000; // 30 seconds
+	private static final int MAX_LATENCY = 30_000; // 30 seconds
-	private static final int MAX_IDLE_TIME = 30 * 1000; // 30 seconds
+	private static final int MAX_IDLE_TIME = 30_000; // 30 seconds
-	private static final int MIN_POLLING_INTERVAL = 60 * 1000; // 1 minute
+	private static final int CONNECTION_TIMEOUT = 3_000; // 3 seconds
-	private static final int MAX_POLLING_INTERVAL = 10 * 60 * 1000; // 10 mins
+	private static final int MIN_POLLING_INTERVAL = 60_000; // 1 minute
+	private static final int MAX_POLLING_INTERVAL = 600_000; // 10 mins
 	private static final double BACKOFF_BASE = 1.2;
 
-	private final Executor ioExecutor;
+	private final Executor ioExecutor, wakefulIoExecutor;
 	private final EventBus eventBus;
 	private final BackoffFactory backoffFactory;
-	private final Context appContext;
+	private final Application app;
 
-	public AndroidLanTcpPluginFactory(Executor ioExecutor, EventBus eventBus,
+	@Inject
-			BackoffFactory backoffFactory, Context appContext) {
+	public AndroidLanTcpPluginFactory(@IoExecutor Executor ioExecutor,
+			@WakefulIoExecutor Executor wakefulIoExecutor,
+			EventBus eventBus,
+			BackoffFactory backoffFactory,
+			Application app) {
 		this.ioExecutor = ioExecutor;
+		this.wakefulIoExecutor = wakefulIoExecutor;
 		this.eventBus = eventBus;
 		this.backoffFactory = backoffFactory;
-		this.appContext = appContext;
+		this.app = app;
 	}
 
 	@Override
@@ -55,7 +64,8 @@ public class AndroidLanTcpPluginFactory implements DuplexPluginFactory {
 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,
 				MAX_POLLING_INTERVAL, BACKOFF_BASE);
 		AndroidLanTcpPlugin plugin = new AndroidLanTcpPlugin(ioExecutor,
-				appContext, backoff, callback, MAX_LATENCY, MAX_IDLE_TIME);
+				wakefulIoExecutor, app, backoff, callback,
+				MAX_LATENCY, MAX_IDLE_TIME, CONNECTION_TIMEOUT);
 		eventBus.addListener(plugin);
 		return plugin;
 	}

bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/AndroidTorPlugin.java

@@ -1,10 +1,9 @@
 package org.briarproject.bramble.plugin.tor;
 
-import android.content.Context;
+import android.app.Application;
 import android.content.pm.PackageInfo;
 import android.content.pm.PackageManager;
 import android.content.pm.PackageManager.NameNotFoundException;
-import android.os.PowerManager;
 
 import org.briarproject.bramble.api.battery.BatteryManager;
 import org.briarproject.bramble.api.network.NetworkManager;
@@ -12,48 +11,50 @@ import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
 import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.PluginCallback;
+import org.briarproject.bramble.api.system.AndroidWakeLock;
+import org.briarproject.bramble.api.system.AndroidWakeLockManager;
 import org.briarproject.bramble.api.system.Clock;
 import org.briarproject.bramble.api.system.LocationUtils;
 import org.briarproject.bramble.api.system.ResourceProvider;
-import org.briarproject.bramble.util.RenewableWakeLock;
 
+import java.io.File;
 import java.io.IOException;
 import java.util.concurrent.Executor;
-import java.util.concurrent.ScheduledExecutorService;
 
 import javax.net.SocketFactory;
 
-import static android.content.Context.MODE_PRIVATE;
-import static android.content.Context.POWER_SERVICE;
-import static android.os.PowerManager.PARTIAL_WAKE_LOCK;
-import static java.util.concurrent.TimeUnit.MINUTES;
-
 @MethodsNotNullByDefault
 @ParametersNotNullByDefault
 class AndroidTorPlugin extends TorPlugin {
 
-	private final Context appContext;
+	private final Application app;
-	private final RenewableWakeLock wakeLock;
+	private final AndroidWakeLock wakeLock;
 
-	AndroidTorPlugin(Executor ioExecutor, ScheduledExecutorService scheduler,
+	AndroidTorPlugin(Executor ioExecutor,
-			Context appContext, NetworkManager networkManager,
+			Executor wakefulIoExecutor,
-			LocationUtils locationUtils, SocketFactory torSocketFactory,
+			Application app,
-			Clock clock, ResourceProvider resourceProvider,
+			NetworkManager networkManager,
+			LocationUtils locationUtils,
+			SocketFactory torSocketFactory,
+			Clock clock,
+			ResourceProvider resourceProvider,
 			CircumventionProvider circumventionProvider,
-			BatteryManager batteryManager, Backoff backoff,
+			BatteryManager batteryManager,
+			AndroidWakeLockManager wakeLockManager,
+			Backoff backoff,
 			TorRendezvousCrypto torRendezvousCrypto,
-			PluginCallback callback, String architecture, int maxLatency,
+			PluginCallback callback,
-			int maxIdleTime) {
+			String architecture,
-		super(ioExecutor, networkManager, locationUtils, torSocketFactory,
+			int maxLatency,
-				clock, resourceProvider, circumventionProvider, batteryManager,
+			int maxIdleTime,
-				backoff, torRendezvousCrypto, callback, architecture, maxLatency, maxIdleTime,
+			File torDirectory) {
-				appContext.getDir("tor", MODE_PRIVATE));
+		super(ioExecutor, wakefulIoExecutor, networkManager, locationUtils,
-		this.appContext = appContext;
+				torSocketFactory, clock, resourceProvider,
-		PowerManager pm = (PowerManager)
+				circumventionProvider, batteryManager, backoff,
-				appContext.getSystemService(POWER_SERVICE);
+				torRendezvousCrypto, callback, architecture, maxLatency,
-		if (pm == null) throw new AssertionError();
+				maxIdleTime, torDirectory);
-		wakeLock = new RenewableWakeLock(pm, scheduler, PARTIAL_WAKE_LOCK,
+		this.app = app;
-				getWakeLockTag(), 1, MINUTES);
+		wakeLock = wakeLockManager.createWakeLock("TorPlugin");
 	}
 
 	@Override
@@ -64,8 +65,8 @@ class AndroidTorPlugin extends TorPlugin {
 	@Override
 	protected long getLastUpdateTime() {
 		try {
-			PackageManager pm = appContext.getPackageManager();
+			PackageManager pm = app.getPackageManager();
-			PackageInfo pi = pm.getPackageInfo(appContext.getPackageName(), 0);
+			PackageInfo pi = pm.getPackageInfo(app.getPackageName(), 0);
 			return pi.lastUpdateTime;
 		} catch (NameNotFoundException e) {
 			throw new AssertionError(e);
@@ -74,7 +75,6 @@ class AndroidTorPlugin extends TorPlugin {
 
 	@Override
 	protected void enableNetwork(boolean enable) throws IOException {
-		if (!running) return;
 		if (enable) wakeLock.acquire();
 		super.enableNetwork(enable);
 		if (!enable) wakeLock.release();
@@ -85,17 +85,4 @@ class AndroidTorPlugin extends TorPlugin {
 		super.stop();
 		wakeLock.release();
 	}
-
-	private String getWakeLockTag() {
-		PackageManager pm = appContext.getPackageManager();
-		for (PackageInfo info : pm.getInstalledPackages(0)) {
-			String name = info.packageName.toLowerCase();
-			if (name.startsWith("com.huawei.powergenie")) {
-				return "LocationManagerService";
-			} else if (name.startsWith("com.evenwell.powermonitor")) {
-				return "AudioIn";
-			}
-		}
-		return getClass().getSimpleName();
-	}
 }

bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/AndroidTorPluginFactory.java

@@ -1,28 +1,33 @@
 package org.briarproject.bramble.plugin.tor;
 
-import android.content.Context;
+import android.app.Application;
 
 import org.briarproject.bramble.api.battery.BatteryManager;
 import org.briarproject.bramble.api.event.EventBus;
+import org.briarproject.bramble.api.lifecycle.IoExecutor;
 import org.briarproject.bramble.api.network.NetworkManager;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.BackoffFactory;
 import org.briarproject.bramble.api.plugin.PluginCallback;
 import org.briarproject.bramble.api.plugin.TorConstants;
+import org.briarproject.bramble.api.plugin.TorDirectory;
 import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPlugin;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPluginFactory;
+import org.briarproject.bramble.api.system.AndroidWakeLockManager;
 import org.briarproject.bramble.api.system.Clock;
 import org.briarproject.bramble.api.system.LocationUtils;
 import org.briarproject.bramble.api.system.ResourceProvider;
+import org.briarproject.bramble.api.system.WakefulIoExecutor;
 import org.briarproject.bramble.util.AndroidUtils;
 
+import java.io.File;
 import java.util.concurrent.Executor;
-import java.util.concurrent.ScheduledExecutorService;
 import java.util.logging.Logger;
 
 import javax.annotation.concurrent.Immutable;
+import javax.inject.Inject;
 import javax.net.SocketFactory;
 
 @Immutable
@@ -38,9 +43,8 @@ public class AndroidTorPluginFactory implements DuplexPluginFactory {
 	private static final int MAX_POLLING_INTERVAL = 10 * 60 * 1000; // 10 mins
 	private static final double BACKOFF_BASE = 1.2;
 
-	private final Executor ioExecutor;
+	private final Executor ioExecutor, wakefulIoExecutor;
-	private final ScheduledExecutorService scheduler;
+	private final Application app;
-	private final Context appContext;
 	private final NetworkManager networkManager;
 	private final LocationUtils locationUtils;
 	private final EventBus eventBus;
@@ -49,18 +53,28 @@ public class AndroidTorPluginFactory implements DuplexPluginFactory {
 	private final ResourceProvider resourceProvider;
 	private final CircumventionProvider circumventionProvider;
 	private final BatteryManager batteryManager;
+	private final AndroidWakeLockManager wakeLockManager;
 	private final Clock clock;
+	private final File torDirectory;
 
-	public AndroidTorPluginFactory(Executor ioExecutor,
+	@Inject
-			ScheduledExecutorService scheduler, Context appContext,
+	public AndroidTorPluginFactory(@IoExecutor Executor ioExecutor,
-			NetworkManager networkManager, LocationUtils locationUtils,
+			@WakefulIoExecutor Executor wakefulIoExecutor,
-			EventBus eventBus, SocketFactory torSocketFactory,
+			Application app,
-			BackoffFactory backoffFactory, ResourceProvider resourceProvider,
+			NetworkManager networkManager,
+			LocationUtils locationUtils,
+			EventBus eventBus,
+			SocketFactory torSocketFactory,
+			BackoffFactory backoffFactory,
+			ResourceProvider resourceProvider,
 			CircumventionProvider circumventionProvider,
-			BatteryManager batteryManager, Clock clock) {
+			BatteryManager batteryManager,
+			AndroidWakeLockManager wakeLockManager,
+			Clock clock,
+			@TorDirectory File torDirectory) {
 		this.ioExecutor = ioExecutor;
-		this.scheduler = scheduler;
+		this.wakefulIoExecutor = wakefulIoExecutor;
-		this.appContext = appContext;
+		this.app = app;
 		this.networkManager = networkManager;
 		this.locationUtils = locationUtils;
 		this.eventBus = eventBus;
@@ -69,7 +83,9 @@ public class AndroidTorPluginFactory implements DuplexPluginFactory {
 		this.resourceProvider = resourceProvider;
 		this.circumventionProvider = circumventionProvider;
 		this.batteryManager = batteryManager;
+		this.wakeLockManager = wakeLockManager;
 		this.clock = clock;
+		this.torDirectory = torDirectory;
 	}
 
 	@Override
@@ -112,11 +128,12 @@ public class AndroidTorPluginFactory implements DuplexPluginFactory {
 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,
 				MAX_POLLING_INTERVAL, BACKOFF_BASE);
 		TorRendezvousCrypto torRendezvousCrypto = new TorRendezvousCryptoImpl();
-		AndroidTorPlugin plugin = new AndroidTorPlugin(ioExecutor, scheduler,
+		AndroidTorPlugin plugin = new AndroidTorPlugin(ioExecutor,
-				appContext, networkManager, locationUtils, torSocketFactory,
+				wakefulIoExecutor, app, networkManager, locationUtils,
-				clock, resourceProvider, circumventionProvider, batteryManager,
+				torSocketFactory, clock, resourceProvider,
+				circumventionProvider, batteryManager, wakeLockManager,
 				backoff, torRendezvousCrypto, callback, architecture,
-				MAX_LATENCY, MAX_IDLE_TIME);
+				MAX_LATENCY, MAX_IDLE_TIME, torDirectory);
 		eventBus.addListener(plugin);
 		return plugin;
 	}

bramble-android/src/main/java/org/briarproject/bramble/system/AlarmConstants.java

@@ -0,0 +1,18 @@
+package org.briarproject.bramble.system;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+@NotNullByDefault
+interface AlarmConstants {
+
+	/**
+	 * Request code for the broadcast intent attached to the periodic alarm.
+	 */
+	int REQUEST_ALARM = 1;
+
+	/**
+	 * Key for storing the process ID in the extras of the periodic alarm's
+	 * intent. This allows us to ignore alarms scheduled by dead processes.
+	 */
+	String EXTRA_PID = "org.briarproject.bramble.EXTRA_PID";
+}

bramble-android/src/main/java/org/briarproject/bramble/system/AlarmReceiver.java

@@ -0,0 +1,17 @@
+package org.briarproject.bramble.system;
+
+import android.content.BroadcastReceiver;
+import android.content.Context;
+import android.content.Intent;
+
+import org.briarproject.bramble.BrambleApplication;
+
+public class AlarmReceiver extends BroadcastReceiver {
+
+	@Override
+	public void onReceive(Context ctx, Intent intent) {
+		BrambleApplication app =
+				(BrambleApplication) ctx.getApplicationContext();
+		app.getBrambleAppComponent().alarmListener().onAlarm(intent);
+	}
+}

bramble-android/src/main/java/org/briarproject/bramble/system/AndroidLocationUtils.java

@@ -61,12 +61,12 @@ class AndroidLocationUtils implements LocationUtils {
 	private String getCountryFromPhoneNetwork() {
 		Object o = appContext.getSystemService(TELEPHONY_SERVICE);
 		TelephonyManager tm = (TelephonyManager) o;
-		return tm.getNetworkCountryIso();
+		return tm == null ? "" : tm.getNetworkCountryIso();
 	}
 
 	private String getCountryFromSimCard() {
 		Object o = appContext.getSystemService(TELEPHONY_SERVICE);
 		TelephonyManager tm = (TelephonyManager) o;
-		return tm.getSimCountryIso();
+		return tm == null ? "" : tm.getSimCountryIso();
 	}
 }

bramble-android/src/main/java/org/briarproject/bramble/system/AndroidSystemModule.java

@@ -1,12 +1,17 @@
 package org.briarproject.bramble.system;
 
 import org.briarproject.bramble.api.event.EventExecutor;
+import org.briarproject.bramble.api.lifecycle.LifecycleManager;
 import org.briarproject.bramble.api.system.AndroidExecutor;
+import org.briarproject.bramble.api.system.AndroidWakeLockManager;
 import org.briarproject.bramble.api.system.LocationUtils;
 import org.briarproject.bramble.api.system.ResourceProvider;
 import org.briarproject.bramble.api.system.SecureRandomProvider;
 
 import java.util.concurrent.Executor;
+import java.util.concurrent.RejectedExecutionHandler;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.ScheduledThreadPoolExecutor;
 
 import javax.inject.Singleton;
 
@@ -16,6 +21,23 @@ import dagger.Provides;
 @Module
 public class AndroidSystemModule {
 
+	private final ScheduledExecutorService scheduledExecutorService;
+
+	public AndroidSystemModule() {
+		// Discard tasks that are submitted during shutdown
+		RejectedExecutionHandler policy =
+				new ScheduledThreadPoolExecutor.DiscardPolicy();
+		scheduledExecutorService = new ScheduledThreadPoolExecutor(1, policy);
+	}
+
+	@Provides
+	@Singleton
+	ScheduledExecutorService provideScheduledExecutorService(
+			LifecycleManager lifecycleManager) {
+		lifecycleManager.registerForShutdown(scheduledExecutorService);
+		return scheduledExecutorService;
+	}
+
 	@Provides
 	@Singleton
 	SecureRandomProvider provideSecureRandomProvider(
@@ -47,4 +69,11 @@ public class AndroidSystemModule {
 	ResourceProvider provideResourceProvider(AndroidResourceProvider provider) {
 		return provider;
 	}
+
+	@Provides
+	@Singleton
+	AndroidWakeLockManager provideWakeLockManager(
+			AndroidWakeLockManagerImpl wakeLockManager) {
+		return wakeLockManager;
+	}
 }

bramble-android/src/main/java/org/briarproject/bramble/system/AndroidTaskScheduler.java

@@ -0,0 +1,242 @@
+package org.briarproject.bramble.system;
+
+import android.annotation.TargetApi;
+import android.app.AlarmManager;
+import android.app.Application;
+import android.app.PendingIntent;
+import android.content.Intent;
+import android.os.Process;
+import android.os.SystemClock;
+
+import org.briarproject.bramble.api.lifecycle.Service;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.system.AlarmListener;
+import org.briarproject.bramble.api.system.AndroidWakeLockManager;
+import org.briarproject.bramble.api.system.TaskScheduler;
+import org.briarproject.bramble.api.system.Wakeful;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.PriorityQueue;
+import java.util.Queue;
+import java.util.concurrent.Executor;
+import java.util.concurrent.Future;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.logging.Logger;
+
+import javax.annotation.concurrent.GuardedBy;
+import javax.annotation.concurrent.ThreadSafe;
+
+import static android.app.AlarmManager.ELAPSED_REALTIME_WAKEUP;
+import static android.app.AlarmManager.INTERVAL_FIFTEEN_MINUTES;
+import static android.app.PendingIntent.FLAG_CANCEL_CURRENT;
+import static android.content.Context.ALARM_SERVICE;
+import static android.os.Build.VERSION.SDK_INT;
+import static java.util.Objects.requireNonNull;
+import static java.util.concurrent.TimeUnit.MILLISECONDS;
+import static java.util.logging.Level.INFO;
+import static java.util.logging.Logger.getLogger;
+import static org.briarproject.bramble.system.AlarmConstants.EXTRA_PID;
+import static org.briarproject.bramble.system.AlarmConstants.REQUEST_ALARM;
+
+@ThreadSafe
+@NotNullByDefault
+class AndroidTaskScheduler implements TaskScheduler, Service, AlarmListener {
+
+	private static final Logger LOG =
+			getLogger(AndroidTaskScheduler.class.getName());
+
+	private static final long ALARM_MS = INTERVAL_FIFTEEN_MINUTES;
+
+	private final Application app;
+	private final AndroidWakeLockManager wakeLockManager;
+	private final ScheduledExecutorService scheduledExecutorService;
+	private final AlarmManager alarmManager;
+
+	private final Object lock = new Object();
+	@GuardedBy("lock")
+	private final Queue<ScheduledTask> tasks = new PriorityQueue<>();
+
+	AndroidTaskScheduler(Application app,
+			AndroidWakeLockManager wakeLockManager,
+			ScheduledExecutorService scheduledExecutorService) {
+		this.app = app;
+		this.wakeLockManager = wakeLockManager;
+		this.scheduledExecutorService = scheduledExecutorService;
+		alarmManager = (AlarmManager)
+				requireNonNull(app.getSystemService(ALARM_SERVICE));
+	}
+
+	@Override
+	public void startService() {
+		scheduleAlarm();
+	}
+
+	@Override
+	public void stopService() {
+		cancelAlarm();
+	}
+
+	@Override
+	public Cancellable schedule(Runnable task, Executor executor, long delay,
+			TimeUnit unit) {
+		AtomicBoolean cancelled = new AtomicBoolean(false);
+		return schedule(task, executor, delay, unit, cancelled);
+	}
+
+	@Override
+	public Cancellable scheduleWithFixedDelay(Runnable task, Executor executor,
+			long delay, long interval, TimeUnit unit) {
+		AtomicBoolean cancelled = new AtomicBoolean(false);
+		return scheduleWithFixedDelay(task, executor, delay, interval, unit,
+				cancelled);
+	}
+
+	@Override
+	public void onAlarm(Intent intent) {
+		wakeLockManager.runWakefully(() -> {
+			int extraPid = intent.getIntExtra(EXTRA_PID, -1);
+			int currentPid = Process.myPid();
+			if (extraPid == currentPid) {
+				LOG.info("Alarm");
+				rescheduleAlarm();
+				runDueTasks();
+			} else if (LOG.isLoggable(INFO)) {
+				LOG.info("Ignoring alarm with PID " + extraPid
+						+ ", current PID is " + currentPid);
+			}
+		}, "TaskAlarm");
+	}
+
+	private Cancellable schedule(Runnable task, Executor executor, long delay,
+			TimeUnit unit, AtomicBoolean cancelled) {
+		long now = SystemClock.elapsedRealtime();
+		long dueMillis = now + MILLISECONDS.convert(delay, unit);
+		Runnable wakeful = () ->
+				wakeLockManager.executeWakefully(task, executor, "TaskHandoff");
+		Future<?> check = scheduleCheckForDueTasks(delay, unit);
+		ScheduledTask s = new ScheduledTask(wakeful, dueMillis, check,
+				cancelled);
+		synchronized (lock) {
+			tasks.add(s);
+		}
+		return s;
+	}
+
+	private Cancellable scheduleWithFixedDelay(Runnable task, Executor executor,
+			long delay, long interval, TimeUnit unit, AtomicBoolean cancelled) {
+		// All executions of this periodic task share a cancelled flag
+		Runnable wrapped = () -> {
+			task.run();
+			scheduleWithFixedDelay(task, executor, interval, interval, unit,
+					cancelled);
+		};
+		return schedule(wrapped, executor, delay, unit, cancelled);
+	}
+
+	private Future<?> scheduleCheckForDueTasks(long delay, TimeUnit unit) {
+		Runnable wakeful = () -> wakeLockManager.runWakefully(
+				this::runDueTasks, "TaskScheduler");
+		return scheduledExecutorService.schedule(wakeful, delay, unit);
+	}
+
+	@Wakeful
+	private void runDueTasks() {
+		long now = SystemClock.elapsedRealtime();
+		List<ScheduledTask> due = new ArrayList<>();
+		synchronized (lock) {
+			while (true) {
+				ScheduledTask s = tasks.peek();
+				if (s == null || s.dueMillis > now) break;
+				due.add(tasks.remove());
+			}
+		}
+		if (LOG.isLoggable(INFO)) {
+			LOG.info("Running " + due.size() + " due tasks");
+		}
+		for (ScheduledTask s : due) {
+			if (LOG.isLoggable(INFO)) {
+				LOG.info("Task is " + (now - s.dueMillis) + " ms overdue");
+			}
+			s.run();
+		}
+	}
+
+	private void scheduleAlarm() {
+		if (SDK_INT >= 23) scheduleIdleAlarm();
+		else scheduleInexactRepeatingAlarm();
+	}
+
+	private void rescheduleAlarm() {
+		// If SDK_INT < 23 the alarm repeats automatically
+		if (SDK_INT >= 23) scheduleIdleAlarm();
+	}
+
+	private void cancelAlarm() {
+		alarmManager.cancel(getAlarmPendingIntent());
+	}
+
+	private void scheduleInexactRepeatingAlarm() {
+		alarmManager.setInexactRepeating(ELAPSED_REALTIME_WAKEUP,
+				SystemClock.elapsedRealtime() + ALARM_MS, ALARM_MS,
+				getAlarmPendingIntent());
+	}
+
+	@TargetApi(23)
+	private void scheduleIdleAlarm() {
+		alarmManager.setAndAllowWhileIdle(ELAPSED_REALTIME_WAKEUP,
+				SystemClock.elapsedRealtime() + ALARM_MS,
+				getAlarmPendingIntent());
+	}
+
+	private PendingIntent getAlarmPendingIntent() {
+		Intent i = new Intent(app, AlarmReceiver.class);
+		i.putExtra(EXTRA_PID, android.os.Process.myPid());
+		return PendingIntent.getBroadcast(app, REQUEST_ALARM, i,
+				FLAG_CANCEL_CURRENT);
+	}
+
+	private class ScheduledTask
+			implements Runnable, Cancellable, Comparable<ScheduledTask> {
+
+		private final Runnable task;
+		private final long dueMillis;
+		private final Future<?> check;
+		private final AtomicBoolean cancelled;
+
+		public ScheduledTask(Runnable task, long dueMillis,
+				Future<?> check, AtomicBoolean cancelled) {
+			this.task = task;
+			this.dueMillis = dueMillis;
+			this.check = check;
+			this.cancelled = cancelled;
+		}
+
+		@Override
+		public void run() {
+			if (!cancelled.get()) task.run();
+		}
+
+		@Override
+		public void cancel() {
+			// Cancel any future executions of this task
+			cancelled.set(true);
+			// Cancel the scheduled check for due tasks
+			check.cancel(false);
+			// Remove the task from the queue
+			synchronized (lock) {
+				tasks.remove(this);
+			}
+		}
+
+		@Override
+		public int compareTo(ScheduledTask s) {
+			//noinspection UseCompareMethod
+			if (dueMillis < s.dueMillis) return -1;
+			if (dueMillis > s.dueMillis) return 1;
+			return 0;
+		}
+	}
+}

bramble-android/src/main/java/org/briarproject/bramble/system/AndroidTaskSchedulerModule.java

@@ -0,0 +1,49 @@
+package org.briarproject.bramble.system;
+
+import android.app.Application;
+
+import org.briarproject.bramble.api.lifecycle.LifecycleManager;
+import org.briarproject.bramble.api.system.AlarmListener;
+import org.briarproject.bramble.api.system.AndroidWakeLockManager;
+import org.briarproject.bramble.api.system.TaskScheduler;
+
+import java.util.concurrent.ScheduledExecutorService;
+
+import javax.inject.Inject;
+import javax.inject.Singleton;
+
+import dagger.Module;
+import dagger.Provides;
+
+@Module
+public class AndroidTaskSchedulerModule {
+
+	public static class EagerSingletons {
+		@Inject
+		AndroidTaskScheduler scheduler;
+	}
+
+	@Provides
+	@Singleton
+	AndroidTaskScheduler provideAndroidTaskScheduler(
+			LifecycleManager lifecycleManager, Application app,
+			AndroidWakeLockManager wakeLockManager,
+			ScheduledExecutorService scheduledExecutorService) {
+		AndroidTaskScheduler scheduler = new AndroidTaskScheduler(app,
+				wakeLockManager, scheduledExecutorService);
+		lifecycleManager.registerService(scheduler);
+		return scheduler;
+	}
+
+	@Provides
+	@Singleton
+	AlarmListener provideAlarmListener(AndroidTaskScheduler scheduler) {
+		return scheduler;
+	}
+
+	@Provides
+	@Singleton
+	TaskScheduler provideTaskScheduler(AndroidTaskScheduler scheduler) {
+		return scheduler;
+	}
+}

bramble-android/src/main/java/org/briarproject/bramble/system/AndroidWakeLockImpl.java

@@ -0,0 +1,74 @@
+package org.briarproject.bramble.system;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.system.AndroidWakeLock;
+
+import java.util.concurrent.atomic.AtomicInteger;
+import java.util.logging.Logger;
+
+import javax.annotation.concurrent.GuardedBy;
+import javax.annotation.concurrent.ThreadSafe;
+
+import static java.util.logging.Level.FINE;
+import static java.util.logging.Logger.getLogger;
+
+/**
+ * A wrapper around a {@link SharedWakeLock} that provides the more convenient
+ * semantics of {@link AndroidWakeLock} (i.e. calls to acquire() and release()
+ * don't need to be balanced).
+ */
+@ThreadSafe
+@NotNullByDefault
+class AndroidWakeLockImpl implements AndroidWakeLock {
+
+	private static final Logger LOG =
+			getLogger(AndroidWakeLockImpl.class.getName());
+
+	private static final AtomicInteger INSTANCE_ID = new AtomicInteger(0);
+
+	private final SharedWakeLock sharedWakeLock;
+	private final String tag;
+
+	private final Object lock = new Object();
+	@GuardedBy("lock")
+	private boolean held = false;
+
+	AndroidWakeLockImpl(SharedWakeLock sharedWakeLock, String tag) {
+		this.sharedWakeLock = sharedWakeLock;
+		this.tag = tag + "_" + INSTANCE_ID.getAndIncrement();
+	}
+
+	@Override
+	public void acquire() {
+		synchronized (lock) {
+			if (held) {
+				if (LOG.isLoggable(FINE)) {
+					LOG.fine(tag + " already acquired");
+				}
+			} else {
+				if (LOG.isLoggable(FINE)) {
+					LOG.fine(tag + " acquiring shared wake lock");
+				}
+				held = true;
+				sharedWakeLock.acquire();
+			}
+		}
+	}
+
+	@Override
+	public void release() {
+		synchronized (lock) {
+			if (held) {
+				if (LOG.isLoggable(FINE)) {
+					LOG.fine(tag + " releasing shared wake lock");
+				}
+				held = false;
+				sharedWakeLock.release();
+			} else {
+				if (LOG.isLoggable(FINE)) {
+					LOG.fine(tag + " already released");
+				}
+			}
+		}
+	}
+}

bramble-android/src/main/java/org/briarproject/bramble/system/AndroidWakeLockManagerImpl.java

@@ -0,0 +1,119 @@
+package org.briarproject.bramble.system;
+
+import android.app.Application;
+import android.content.Context;
+import android.content.pm.PackageInfo;
+import android.content.pm.PackageManager;
+import android.os.PowerManager;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.system.AndroidWakeLock;
+import org.briarproject.bramble.api.system.AndroidWakeLockManager;
+
+import java.util.concurrent.Executor;
+import java.util.concurrent.ScheduledExecutorService;
+
+import javax.inject.Inject;
+
+import static android.content.Context.POWER_SERVICE;
+import static android.os.PowerManager.PARTIAL_WAKE_LOCK;
+import static java.util.concurrent.TimeUnit.MINUTES;
+import static java.util.concurrent.TimeUnit.SECONDS;
+import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;
+
+@NotNullByDefault
+class AndroidWakeLockManagerImpl implements AndroidWakeLockManager {
+
+	/**
+	 * How often to replace the wake lock.
+	 */
+	private static final long LOCK_DURATION_MS = MINUTES.toMillis(1);
+
+	/**
+	 * Automatically release the lock this many milliseconds after it's due
+	 * to have been replaced and released.
+	 */
+	private static final long SAFETY_MARGIN_MS = SECONDS.toMillis(30);
+
+	private final SharedWakeLock sharedWakeLock;
+
+	@Inject
+	AndroidWakeLockManagerImpl(Application app,
+			ScheduledExecutorService scheduledExecutorService) {
+		PowerManager powerManager = (PowerManager)
+				requireNonNull(app.getSystemService(POWER_SERVICE));
+		String tag = getWakeLockTag(app);
+		sharedWakeLock = new RenewableWakeLock(powerManager,
+				scheduledExecutorService, PARTIAL_WAKE_LOCK, tag,
+				LOCK_DURATION_MS, SAFETY_MARGIN_MS);
+	}
+
+	@Override
+	public AndroidWakeLock createWakeLock(String tag) {
+		return new AndroidWakeLockImpl(sharedWakeLock, tag);
+	}
+
+	@Override
+	public void runWakefully(Runnable r, String tag) {
+		AndroidWakeLock wakeLock = createWakeLock(tag);
+		wakeLock.acquire();
+		try {
+			r.run();
+		} finally {
+			wakeLock.release();
+		}
+	}
+
+	@Override
+	public void executeWakefully(Runnable r, Executor executor, String tag) {
+		AndroidWakeLock wakeLock = createWakeLock(tag);
+		wakeLock.acquire();
+		try {
+			executor.execute(() -> {
+				try {
+					r.run();
+				} finally {
+					// Release the wake lock if the task throws an exception
+					wakeLock.release();
+				}
+			});
+		} catch (Exception e) {
+			// Release the wake lock if the executor throws an exception when
+			// we submit the task (in which case the release() call above won't
+			// happen)
+			wakeLock.release();
+			throw e;
+		}
+	}
+
+	@Override
+	public void executeWakefully(Runnable r, String tag) {
+		AndroidWakeLock wakeLock = createWakeLock(tag);
+		wakeLock.acquire();
+		try {
+			new Thread(() -> {
+				try {
+					r.run();
+				} finally {
+					wakeLock.release();
+				}
+			}).start();
+		} catch (Exception e) {
+			wakeLock.release();
+			throw e;
+		}
+	}
+
+	private String getWakeLockTag(Context ctx) {
+		PackageManager pm = ctx.getPackageManager();
+		for (PackageInfo info : pm.getInstalledPackages(0)) {
+			String name = info.packageName.toLowerCase();
+			if (name.startsWith("com.huawei.powergenie")) {
+				return "LocationManagerService";
+			} else if (name.startsWith("com.evenwell.powermonitor")) {
+				return "AudioIn";
+			}
+		}
+		return ctx.getPackageName();
+	}
+}

bramble-android/src/main/java/org/briarproject/bramble/system/AndroidWakefulIoExecutorModule.java

@@ -0,0 +1,23 @@
+package org.briarproject.bramble.system;
+
+import org.briarproject.bramble.api.lifecycle.IoExecutor;
+import org.briarproject.bramble.api.system.AndroidWakeLockManager;
+import org.briarproject.bramble.api.system.WakefulIoExecutor;
+
+import java.util.concurrent.Executor;
+
+import dagger.Module;
+import dagger.Provides;
+
+@Module
+public
+class AndroidWakefulIoExecutorModule {
+
+	@Provides
+	@WakefulIoExecutor
+	Executor provideWakefulIoExecutor(@IoExecutor Executor ioExecutor,
+			AndroidWakeLockManager wakeLockManager) {
+		return r -> wakeLockManager.executeWakefully(r, ioExecutor,
+				"WakefulIoExecutor");
+	}
+}

bramble-android/src/main/java/org/briarproject/bramble/system/RenewableWakeLock.java

@@ -0,0 +1,130 @@
+package org.briarproject.bramble.system;
+
+import android.os.PowerManager;
+import android.os.PowerManager.WakeLock;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import java.util.concurrent.Future;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.logging.Logger;
+
+import javax.annotation.Nullable;
+import javax.annotation.concurrent.GuardedBy;
+import javax.annotation.concurrent.ThreadSafe;
+
+import static java.util.concurrent.TimeUnit.MILLISECONDS;
+import static java.util.logging.Level.FINE;
+import static java.util.logging.Level.INFO;
+import static java.util.logging.Level.WARNING;
+import static java.util.logging.Logger.getLogger;
+import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;
+
+@ThreadSafe
+@NotNullByDefault
+class RenewableWakeLock implements SharedWakeLock {
+
+	private static final Logger LOG =
+			getLogger(RenewableWakeLock.class.getName());
+
+	private final PowerManager powerManager;
+	private final ScheduledExecutorService scheduledExecutorService;
+	private final int levelAndFlags;
+	private final String tag;
+	private final long durationMs, safetyMarginMs;
+
+	private final Object lock = new Object();
+	@GuardedBy("lock")
+	@Nullable
+	private WakeLock wakeLock;
+	@GuardedBy("lock")
+	@Nullable
+	private Future<?> future;
+	@GuardedBy("lock")
+	private int refCount = 0;
+	@GuardedBy("lock")
+	private long acquired = 0;
+
+	RenewableWakeLock(PowerManager powerManager,
+			ScheduledExecutorService scheduledExecutorService,
+			int levelAndFlags,
+			String tag,
+			long durationMs,
+			long safetyMarginMs) {
+		this.powerManager = powerManager;
+		this.scheduledExecutorService = scheduledExecutorService;
+		this.levelAndFlags = levelAndFlags;
+		this.tag = tag;
+		this.durationMs = durationMs;
+		this.safetyMarginMs = safetyMarginMs;
+	}
+
+	@Override
+	public void acquire() {
+		synchronized (lock) {
+			refCount++;
+			if (refCount == 1) {
+				if (LOG.isLoggable(INFO)) {
+					LOG.info("Acquiring wake lock " + tag);
+				}
+				wakeLock = powerManager.newWakeLock(levelAndFlags, tag);
+				// We do our own reference counting so we can replace the lock
+				// TODO: Check whether using a ref-counted wake lock affects
+				//  power management apps
+				wakeLock.setReferenceCounted(false);
+				wakeLock.acquire(durationMs + safetyMarginMs);
+				future = scheduledExecutorService.schedule(this::renew,
+						durationMs, MILLISECONDS);
+				acquired = android.os.SystemClock.elapsedRealtime();
+			} else if (LOG.isLoggable(FINE)) {
+				LOG.fine("Wake lock " + tag + " has " + refCount + " holders");
+			}
+		}
+	}
+
+	private void renew() {
+		if (LOG.isLoggable(INFO)) LOG.info("Renewing wake lock " + tag);
+		synchronized (lock) {
+			if (wakeLock == null) {
+				LOG.info("Already released");
+				return;
+			}
+			if (LOG.isLoggable(FINE)) {
+				LOG.fine("Wake lock " + tag + " has " + refCount + " holders");
+			}
+			long now = android.os.SystemClock.elapsedRealtime();
+			long expiry = acquired + durationMs + safetyMarginMs;
+			if (now > expiry && LOG.isLoggable(WARNING)) {
+				LOG.warning("Wake lock expired " + (now - expiry) + " ms ago");
+			}
+			WakeLock oldWakeLock = wakeLock;
+			wakeLock = powerManager.newWakeLock(levelAndFlags, tag);
+			wakeLock.setReferenceCounted(false);
+			wakeLock.acquire(durationMs + safetyMarginMs);
+			oldWakeLock.release();
+			future = scheduledExecutorService.schedule(this::renew, durationMs,
+					MILLISECONDS);
+			acquired = now;
+		}
+	}
+
+	@Override
+	public void release() {
+		synchronized (lock) {
+			refCount--;
+			if (refCount == 0) {
+				if (LOG.isLoggable(INFO)) {
+					LOG.info("Releasing wake lock " + tag);
+				}
+				requireNonNull(future).cancel(false);
+				future = null;
+				requireNonNull(wakeLock).release();
+				wakeLock = null;
+				acquired = 0;
+			} else if (LOG.isLoggable(FINE)) {
+				LOG.fine("Wake lock " + tag + " has " + refCount + " holders");
+			}
+		}
+	}
+}
+

bramble-android/src/main/java/org/briarproject/bramble/system/SharedWakeLock.java

@@ -0,0 +1,22 @@
+package org.briarproject.bramble.system;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.system.AndroidWakeLock;
+
+@NotNullByDefault
+interface SharedWakeLock {
+
+	/**
+	 * Acquires the wake lock. This increments the wake lock's reference count,
+	 * so unlike {@link AndroidWakeLock#acquire()} every call to this method
+	 * must be followed by a balancing call to {@link #release()}.
+	 */
+	void acquire();
+
+	/**
+	 * Releases the wake lock. This decrements the wake lock's reference count,
+	 * so unlike {@link AndroidWakeLock#release()} every call to this method
+	 * must follow a balancing call to {@link #acquire()}.
+	 */
+	void release();
+}

bramble-android/src/main/java/org/briarproject/bramble/util/AndroidUtils.java

@@ -71,7 +71,7 @@ public class AndroidUtils {
 		return new Pair<>("", "");
 	}
 
-	private static boolean isValidBluetoothAddress(@Nullable String address) {
+	public static boolean isValidBluetoothAddress(@Nullable String address) {
 		return !StringUtils.isNullOrEmpty(address)
 				&& BluetoothAdapter.checkBluetoothAddress(address)
 				&& !address.equals(FAKE_BLUETOOTH_ADDRESS);

bramble-android/src/main/java/org/briarproject/bramble/util/RenewableWakeLock.java

@@ -1,100 +0,0 @@
-package org.briarproject.bramble.util;
-
-import android.os.PowerManager;
-
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import java.util.concurrent.ScheduledExecutorService;
-import java.util.concurrent.ScheduledFuture;
-import java.util.concurrent.TimeUnit;
-import java.util.logging.Logger;
-
-import javax.annotation.Nullable;
-import javax.annotation.concurrent.ThreadSafe;
-
-import static java.util.concurrent.TimeUnit.MILLISECONDS;
-import static java.util.logging.Level.INFO;
-
-@ThreadSafe
-@NotNullByDefault
-public class RenewableWakeLock {
-
-	private static final Logger LOG =
-			Logger.getLogger(RenewableWakeLock.class.getName());
-
-	/**
-	 * Automatically release the lock this many milliseconds after it's due
-	 * to have been replaced and released.
-	 */
-	private static final int SAFETY_MARGIN_MS = 10_000;
-
-	private final PowerManager powerManager;
-	private final ScheduledExecutorService scheduler;
-	private final int levelAndFlags;
-	private final String tag;
-	private final long durationMs;
-	private final Runnable renewTask;
-
-	private final Object lock = new Object();
-	@Nullable
-	private PowerManager.WakeLock wakeLock; // Locking: lock
-	@Nullable
-	private ScheduledFuture future; // Locking: lock
-
-	public RenewableWakeLock(PowerManager powerManager,
-			ScheduledExecutorService scheduler, int levelAndFlags, String tag,
-			long duration, TimeUnit timeUnit) {
-		this.powerManager = powerManager;
-		this.scheduler = scheduler;
-		this.levelAndFlags = levelAndFlags;
-		this.tag = tag;
-		durationMs = MILLISECONDS.convert(duration, timeUnit);
-		renewTask = this::renew;
-	}
-
-	public void acquire() {
-		if (LOG.isLoggable(INFO)) LOG.info("Acquiring wake lock " + tag);
-		synchronized (lock) {
-			if (wakeLock != null) {
-				LOG.info("Already acquired");
-				return;
-			}
-			wakeLock = powerManager.newWakeLock(levelAndFlags, tag);
-			wakeLock.setReferenceCounted(false);
-			wakeLock.acquire(durationMs + SAFETY_MARGIN_MS);
-			future = scheduler.schedule(renewTask, durationMs, MILLISECONDS);
-		}
-	}
-
-	private void renew() {
-		if (LOG.isLoggable(INFO)) LOG.info("Renewing wake lock " + tag);
-		synchronized (lock) {
-			if (wakeLock == null) {
-				LOG.info("Already released");
-				return;
-			}
-			PowerManager.WakeLock oldWakeLock = wakeLock;
-			wakeLock = powerManager.newWakeLock(levelAndFlags, tag);
-			wakeLock.setReferenceCounted(false);
-			wakeLock.acquire(durationMs + SAFETY_MARGIN_MS);
-			oldWakeLock.release();
-			future = scheduler.schedule(renewTask, durationMs, MILLISECONDS);
-		}
-	}
-
-	public void release() {
-		if (LOG.isLoggable(INFO)) LOG.info("Releasing wake lock " + tag);
-		synchronized (lock) {
-			if (wakeLock == null) {
-				LOG.info("Already released");
-				return;
-			}
-			if (future == null) throw new AssertionError();
-			future.cancel(false);
-			future = null;
-			wakeLock.release();
-			wakeLock = null;
-		}
-	}
-}
-

bramble-android/src/test/java/org/briarproject/bramble/account/AndroidAccountManagerTest.java

@@ -72,7 +72,9 @@ public class AndroidAccountManagerTest extends BrambleMockTestCase {
 	@Test
 	public void testDeleteAccountClearsSharedPrefsAndDeletesFiles()
 			throws Exception {
-		// Directories 'lib' and 'shared_prefs' should be spared
+		// Directories 'code_cache', 'lib' and 'shared_prefs' should be spared
+		File codeCacheDir = new File(testDir, "code_cache");
+		File codeCacheFile = new File(codeCacheDir, "file");
 		File libDir = new File(testDir, "lib");
 		File libFile = new File(libDir, "file");
 		File sharedPrefsDir = new File(testDir, "shared_prefs");
@@ -111,6 +113,8 @@ public class AndroidAccountManagerTest extends BrambleMockTestCase {
 
 		assertTrue(dbDir.mkdirs());
 		assertTrue(keyDir.mkdirs());
+		assertTrue(codeCacheDir.mkdirs());
+		assertTrue(codeCacheFile.createNewFile());
 		assertTrue(libDir.mkdirs());
 		assertTrue(libFile.createNewFile());
 		assertTrue(sharedPrefsDir.mkdirs());
@@ -126,6 +130,8 @@ public class AndroidAccountManagerTest extends BrambleMockTestCase {
 
 		assertFalse(dbDir.exists());
 		assertFalse(keyDir.exists());
+		assertTrue(codeCacheDir.exists());
+		assertTrue(codeCacheFile.exists());
 		assertTrue(libDir.exists());
 		assertTrue(libFile.exists());
 		assertTrue(sharedPrefsDir.exists());

bramble-android/witness.gradle

@@ -70,7 +70,7 @@ dependencyVerification {
         'org.bouncycastle:bcpkix-jdk15on:1.56:bcpkix-jdk15on-1.56.jar:7043dee4e9e7175e93e0b36f45b1ec1ecb893c5f755667e8b916eb8dd201c6ca',
         'org.bouncycastle:bcprov-jdk15on:1.56:bcprov-jdk15on-1.56.jar:963e1ee14f808ffb99897d848ddcdb28fa91ddda867eb18d303e82728f878349',
         'org.briarproject:obfs4proxy-android:0.0.11-2:obfs4proxy-android-0.0.11-2.zip:57e55cbe87aa2aac210fdbb6cd8cdeafe15f825406a08ebf77a8b787aa2c6a8a',
-        'org.briarproject:tor-android:0.3.5.9:tor-android-0.3.5.9.zip:853b0440feccd6904bd03e6b2de53a62ebcde1d58068beeadc447a7dff950bc8',
+        'org.briarproject:tor-android:0.3.5.10:tor-android-0.3.5.10.zip:edd83bf557fcff2105eaa0bdb3f607a6852ebe7360920929ae3039dd5f4774c5',
         'org.checkerframework:checker-compat-qual:2.5.3:checker-compat-qual-2.5.3.jar:d76b9afea61c7c082908023f0cbc1427fab9abd2df915c8b8a3e7a509bccbc6d',
         'org.checkerframework:checker-qual:2.5.2:checker-qual-2.5.2.jar:64b02691c8b9d4e7700f8ee2e742dce7ea2c6e81e662b7522c9ee3bf568c040a',
         'org.codehaus.groovy:groovy-all:2.4.15:groovy-all-2.4.15.jar:51d6c4e71782e85674239189499854359d380fb75e1a703756e3aaa5b98a5af0',

bramble-api/src/main/java/org/briarproject/bramble/api/account/AccountManager.java

@@ -1,5 +1,6 @@
 package org.briarproject.bramble.api.account;
 
+import org.briarproject.bramble.api.crypto.DecryptionException;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.identity.IdentityManager;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
@@ -13,7 +14,8 @@ public interface AccountManager {
 	 * Returns true if the manager has the database key. This will be false
 	 * before {@link #createAccount(String, String)} or {@link #signIn(String)}
 	 * has been called, and true after {@link #createAccount(String, String)}
-	 * or {@link #signIn(String)} has returned true, until the process exits.
+	 * or {@link #signIn(String)} has returned true, until
+	 * {@link #deleteAccount()} is called or the process exits.
 	 */
 	boolean hasDatabaseKey();
 
@@ -22,25 +24,22 @@ public interface AccountManager {
 	 * before {@link #createAccount(String, String)} or {@link #signIn(String)}
 	 * has been called, and non-null after
 	 * {@link #createAccount(String, String)} or {@link #signIn(String)} has
-	 * returned true, until the process exits.
+	 * returned true, until {@link #deleteAccount()} is called or the process
+	 * exits.
 	 */
 	@Nullable
 	SecretKey getDatabaseKey();
 
 	/**
-	 * Returns true if the encrypted database key can be loaded from disk, and
+	 * Returns true if the encrypted database key can be loaded from disk.
-	 * the database directory exists and is a directory.
 	 */
 	boolean accountExists();
 
 	/**
 	 * Creates an identity with the given name and registers it with the
 	 * {@link IdentityManager}. Creates a database key, encrypts it with the
-	 * given password and stores it on disk.
+	 * given password and stores it on disk. {@link #accountExists()} will
-	 * <p/>
+	 * return true after this method returns true.
-	 * This method does not create the database directory, so
-	 * {@link #accountExists()} will continue to return false until the
-	 * database directory is created.
 	 */
 	boolean createAccount(String name, String password);
 
@@ -54,17 +53,19 @@ public interface AccountManager {
 	 * Loads the encrypted database key from disk and decrypts it with the
 	 * given password.
 	 *
-	 * @return true if the database key was successfully loaded and decrypted.
+	 * @throws DecryptionException If the database key could not be loaded and
+	 * decrypted.
 	 */
-	boolean signIn(String password);
+	void signIn(String password) throws DecryptionException;
 
 	/**
 	 * Loads the encrypted database key from disk, decrypts it with the old
 	 * password, encrypts it with the new password, and stores it on disk,
 	 * replacing the old key.
 	 *
-	 * @return true if the database key was successfully loaded, re-encrypted
+	 * @throws DecryptionException If the database key could not be loaded and
-	 * and stored.
+	 * decrypted.
 	 */
-	boolean changePassword(String oldPassword, String newPassword);
+	void changePassword(String oldPassword, String newPassword)
+			throws DecryptionException;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/connection/ConnectionManager.java

@@ -1,8 +1,11 @@
-package org.briarproject.bramble.api.plugin;
+package org.briarproject.bramble.api.connection;
 
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.contact.PendingContactId;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportConnectionReader;
+import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
 
 @NotNullByDefault

bramble-api/src/main/java/org/briarproject/bramble/api/connection/ConnectionRegistry.java

@@ -0,0 +1,130 @@
+package org.briarproject.bramble.api.connection;
+
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.PluginConfig;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.event.ConnectionClosedEvent;
+import org.briarproject.bramble.api.plugin.event.ConnectionOpenedEvent;
+import org.briarproject.bramble.api.plugin.event.ContactConnectedEvent;
+import org.briarproject.bramble.api.plugin.event.ContactDisconnectedEvent;
+import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionClosedEvent;
+import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionOpenedEvent;
+import org.briarproject.bramble.api.sync.Priority;
+
+import java.util.Collection;
+
+/**
+ * Keeps track of which contacts are currently connected by which transports.
+ */
+@NotNullByDefault
+public interface ConnectionRegistry {
+
+	/**
+	 * Registers an incoming connection from the given contact over the given
+	 * transport. The connection's {@link Priority priority} can be set later
+	 * via {@link #setPriority(ContactId, TransportId, InterruptibleConnection,
+	 * Priority)} if a priority record is received from the contact.
+	 * <p>
+	 * Broadcasts {@link ConnectionOpenedEvent}. Also broadcasts
+	 * {@link ContactConnectedEvent} if this is the only connection with the
+	 * contact.
+	 */
+	void registerIncomingConnection(ContactId c, TransportId t,
+			InterruptibleConnection conn);
+
+	/**
+	 * Registers an outgoing connection to the given contact over the given
+	 * transport.
+	 * <p>
+	 * Broadcasts {@link ConnectionOpenedEvent}. Also broadcasts
+	 * {@link ContactConnectedEvent} if this is the only connection with the
+	 * contact.
+	 * <p>
+	 * If the registry has any "better" connections with the given contact, the
+	 * given connection will be interrupted. If the registry has any "worse"
+	 * connections with the given contact, those connections will be
+	 * interrupted.
+	 * <p>
+	 * Connection A is considered "better" than connection B if both
+	 * connections have had their priorities set, and either A's transport is
+	 * {@link PluginConfig#getTransportPreferences() preferred} to B's, or
+	 * they use the same transport and A has higher {@link Priority priority}
+	 * than B.
+	 * <p>
+	 * For backward compatibility, connections without priorities are not
+	 * considered better or worse than other connections.
+	 */
+	void registerOutgoingConnection(ContactId c, TransportId t,
+			InterruptibleConnection conn, Priority priority);
+
+	/**
+	 * Unregisters a connection with the given contact over the given transport.
+	 * <p>
+	 * Broadcasts {@link ConnectionClosedEvent}. Also broadcasts
+	 * {@link ContactDisconnectedEvent} if this is the only connection with
+	 * the contact.
+	 */
+	void unregisterConnection(ContactId c, TransportId t,
+			InterruptibleConnection conn, boolean incoming, boolean exception);
+
+	/**
+	 * Sets the {@link Priority priority} of a connection that was previously
+	 * registered via {@link #registerIncomingConnection(ContactId, TransportId,
+	 * InterruptibleConnection)}.
+	 * <p>
+	 * If the registry has any "better" connections with the given contact, the
+	 * given connection will be interrupted. If the registry has any "worse"
+	 * connections with the given contact, those connections will be
+	 * interrupted.
+	 * <p>
+	 * Connection A is considered "better" than connection B if both
+	 * connections have had their priorities set, and either A's transport is
+	 * {@link PluginConfig#getTransportPreferences() preferred} to B's, or
+	 * they use the same transport and A has higher {@link Priority priority}
+	 * than B.
+	 * <p>
+	 * For backward compatibility, connections without priorities are not
+	 * considered better or worse than other connections.
+	 */
+	void setPriority(ContactId c, TransportId t, InterruptibleConnection conn,
+			Priority priority);
+
+	/**
+	 * Returns any contacts that are connected via the given transport.
+	 */
+	Collection<ContactId> getConnectedContacts(TransportId t);
+
+	/**
+	 * Returns any contacts that are connected via the given transport or any
+	 * {@link PluginConfig#getTransportPreferences() better} transport.
+	 */
+	Collection<ContactId> getConnectedOrBetterContacts(TransportId t);
+
+	/**
+	 * Returns true if the given contact is connected via the given transport.
+	 */
+	boolean isConnected(ContactId c, TransportId t);
+
+	/**
+	 * Returns true if the given contact is connected via any transport.
+	 */
+	boolean isConnected(ContactId c);
+
+	/**
+	 * Registers a connection with the given pending contact. Broadcasts
+	 * {@link RendezvousConnectionOpenedEvent} if this is the only connection
+	 * with the pending contact.
+	 *
+	 * @return True if this is the only connection with the pending contact,
+	 * false if it is redundant and should be closed
+	 */
+	boolean registerConnection(PendingContactId p);
+
+	/**
+	 * Unregisters a connection with the given pending contact. Broadcasts
+	 * {@link RendezvousConnectionClosedEvent}.
+	 */
+	void unregisterConnection(PendingContactId p, boolean success);
+}

bramble-api/src/main/java/org/briarproject/bramble/api/connection/InterruptibleConnection.java

@@ -0,0 +1,19 @@
+package org.briarproject.bramble.api.connection;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+/**
+ * A duplex sync connection that can be closed by interrupting its outgoing
+ * sync session.
+ */
+@NotNullByDefault
+public interface InterruptibleConnection {
+
+	/**
+	 * Interrupts the connection's outgoing sync session. If the underlying
+	 * transport connection is alive and the remote peer is cooperative, this
+	 * should result in both sync sessions ending and the connection being
+	 * cleanly closed.
+	 */
+	void interruptOutgoingSession();
+}

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java

@@ -142,16 +142,17 @@ public interface CryptoComponent {
 	/**
 	 * Decrypts and authenticates the given ciphertext that has been read from
 	 * storage. The encryption and authentication keys are derived from the
-	 * given password. Returns null if the ciphertext cannot be decrypted and
+	 * given password.
-	 * authenticated (for example, if the password is wrong).
 	 *
 	 * @param keyStrengthener Used to strengthen the password-based key. If
 	 * null, or if strengthening was not used when encrypting the ciphertext,
 	 * the password-based key will not be strengthened
+	 * @throws DecryptionException If the ciphertext cannot be decrypted and
+	 * authenticated (for example, if the password is wrong).
 	 */
-	@Nullable
 	byte[] decryptWithPassword(byte[] ciphertext, String password,
-			@Nullable KeyStrengthener keyStrengthener);
+			@Nullable KeyStrengthener keyStrengthener)
+			throws DecryptionException;
 
 	/**
 	 * Returns true if the given ciphertext was encrypted using a strengthened

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/DecryptionException.java

@@ -0,0 +1,17 @@
+package org.briarproject.bramble.api.crypto;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+@NotNullByDefault
+public class DecryptionException extends Exception {
+
+	private final DecryptionResult result;
+
+	public DecryptionException(DecryptionResult result) {
+		this.result = result;
+	}
+
+	public DecryptionResult getDecryptionResult() {
+		return result;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/DecryptionResult.java

@@ -0,0 +1,29 @@
+package org.briarproject.bramble.api.crypto;
+
+/**
+ * The result of a password-based decryption operation.
+ */
+public enum DecryptionResult {
+
+	/**
+	 * Decryption succeeded.
+	 */
+	SUCCESS,
+
+	/**
+	 * Decryption failed because the format of the ciphertext was invalid.
+	 */
+	INVALID_CIPHERTEXT,
+
+	/**
+	 * Decryption failed because the {@link KeyStrengthener} used for
+	 * encryption was not available for decryption.
+	 */
+	KEY_STRENGTHENER_ERROR,
+
+	/**
+	 * Decryption failed because the password used for decryption did not match
+	 * the password used for encryption.
+	 */
+	INVALID_PASSWORD
+}

bramble-api/src/main/java/org/briarproject/bramble/api/event/EventBus.java

@@ -18,6 +18,8 @@ public interface EventBus {
 	/**
 	 * Asynchronously notifies all listeners of an event. Listeners are
 	 * notified on the {@link EventExecutor}.
+	 * <p>
+	 * This method can safely be called while holding a lock.
 	 */
 	void broadcast(Event e);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/io/TimeoutMonitor.java

@@ -0,0 +1,19 @@
+package org.briarproject.bramble.api.io;
+
+import java.io.InputStream;
+
+public interface TimeoutMonitor {
+
+	/**
+	 * Returns an {@link InputStream} that wraps the given stream and allows
+	 * read timeouts to be detected.
+	 * <p>
+	 * The returned stream must be {@link InputStream#close() closed} when it's
+	 * no longer needed to ensure that resources held by the timeout monitor
+	 * are released.
+	 *
+	 * @param timeoutMs The read timeout in milliseconds. Timeouts will be
+	 * detected eventually but are not guaranteed to be detected immediately.
+	 */
+	InputStream createTimeoutInputStream(InputStream in, long timeoutMs);
+}

bramble-api/src/main/java/org/briarproject/bramble/api/lifecycle/LifecycleManager.java

@@ -5,6 +5,7 @@ import org.briarproject.bramble.api.db.DatabaseComponent;
 import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.db.Transaction;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.system.Wakeful;
 
 import java.util.concurrent.ExecutorService;
 
@@ -65,6 +66,7 @@ public interface LifecycleManager {
 	 * Opens the {@link DatabaseComponent} using the given key and starts any
 	 * registered {@link Service Services}.
 	 */
+	@Wakeful
 	StartResult startServices(SecretKey dbKey);
 
 	/**
@@ -72,6 +74,7 @@ public interface LifecycleManager {
 	 * registered {@link ExecutorService ExecutorServices}, and closes the
 	 * {@link DatabaseComponent}.
 	 */
+	@Wakeful
 	void stopServices();
 
 	/**
@@ -104,6 +107,7 @@ public interface LifecycleManager {
 		 *
 		 * @param txn A read-write transaction
 		 */
+		@Wakeful
 		void onDatabaseOpened(Transaction txn) throws DbException;
 	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/lifecycle/Service.java

@@ -1,16 +1,20 @@
 package org.briarproject.bramble.api.lifecycle;
 
+import org.briarproject.bramble.api.system.Wakeful;
+
 public interface Service {
 
 	/**
-	 * Starts the service.This method must not be called concurrently with
+	 * Starts the service. This method must not be called concurrently with
 	 * {@link #stopService()}.
 	 */
+	@Wakeful
 	void startService() throws ServiceException;
 
 	/**
 	 * Stops the service. This method must not be called concurrently with
 	 * {@link #startService()}.
 	 */
+	@Wakeful
 	void stopService() throws ServiceException;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/BluetoothConstants.java

@@ -6,8 +6,16 @@ public interface BluetoothConstants {
 
 	int UUID_BYTES = 16;
 
+	// Transport properties
 	String PROP_ADDRESS = "address";
 	String PROP_UUID = "uuid";
 
-	String PREF_BT_ENABLE = "enable";
+	// Local settings (not shared with contacts)
+	String PREF_ADDRESS_IS_REFLECTED = "addressIsReflected";
+	String PREF_EVER_CONNECTED = "everConnected";
+
+	// Default values for local settings
+	boolean DEFAULT_PREF_PLUGIN_ENABLE = false;
+	boolean DEFAULT_PREF_ADDRESS_IS_REFLECTED = false;
+	boolean DEFAULT_PREF_EVER_CONNECTED = false;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/ConnectionRegistry.java

@@ -1,67 +0,0 @@
-package org.briarproject.bramble.api.plugin;
-
-import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.contact.PendingContactId;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.event.ConnectionClosedEvent;
-import org.briarproject.bramble.api.plugin.event.ConnectionOpenedEvent;
-import org.briarproject.bramble.api.plugin.event.ContactConnectedEvent;
-import org.briarproject.bramble.api.plugin.event.ContactDisconnectedEvent;
-import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionClosedEvent;
-import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionOpenedEvent;
-
-import java.util.Collection;
-
-/**
- * Keeps track of which contacts are currently connected by which transports.
- */
-@NotNullByDefault
-public interface ConnectionRegistry {
-
-	/**
-	 * Registers a connection with the given contact over the given transport.
-	 * Broadcasts {@link ConnectionOpenedEvent}. Also broadcasts
-	 * {@link ContactConnectedEvent} if this is the only connection with the
-	 * contact.
-	 */
-	void registerConnection(ContactId c, TransportId t, boolean incoming);
-
-	/**
-	 * Unregisters a connection with the given contact over the given transport.
-	 * Broadcasts {@link ConnectionClosedEvent}. Also broadcasts
-	 * {@link ContactDisconnectedEvent} if this is the only connection with
-	 * the contact.
-	 */
-	void unregisterConnection(ContactId c, TransportId t, boolean incoming);
-
-	/**
-	 * Returns any contacts that are connected via the given transport.
-	 */
-	Collection<ContactId> getConnectedContacts(TransportId t);
-
-	/**
-	 * Returns true if the given contact is connected via the given transport.
-	 */
-	boolean isConnected(ContactId c, TransportId t);
-
-	/**
-	 * Returns true if the given contact is connected via any transport.
-	 */
-	boolean isConnected(ContactId c);
-
-	/**
-	 * Registers a connection with the given pending contact. Broadcasts
-	 * {@link RendezvousConnectionOpenedEvent} if this is the only connection
-	 * with the pending contact.
-	 *
-	 * @return True if this is the only connection with the pending contact,
-	 * false if it is redundant and should be closed
-	 */
-	boolean registerConnection(PendingContactId p);
-
-	/**
-	 * Unregisters a connection with the given pending contact. Broadcasts
-	 * {@link RendezvousConnectionClosedEvent}.
-	 */
-	void unregisterConnection(PendingContactId p, boolean success);
-}

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/LanTcpConstants.java

@@ -4,10 +4,15 @@ public interface LanTcpConstants {
 
 	TransportId ID = new TransportId("org.briarproject.bramble.lan");
 
-	// a transport property (shared with contacts)
+	// Transport properties (shared with contacts)
 	String PROP_IP_PORTS = "ipPorts";
+	String PROP_PORT = "port";
+	String PROP_IPV6 = "ipv6";
 
-	// a local setting
+	// Local settings (not shared with contacts)
 	String PREF_LAN_IP_PORTS = "ipPorts";
+	String PREF_IPV6 = "ipv6";
 
+	// Default value for PREF_PLUGIN_ENABLE
+	boolean DEFAULT_PREF_PLUGIN_ENABLE = true;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/Plugin.java

@@ -3,12 +3,56 @@ package org.briarproject.bramble.api.plugin;
 import org.briarproject.bramble.api.Pair;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.properties.TransportProperties;
+import org.briarproject.bramble.api.settings.SettingsManager;
+import org.briarproject.bramble.api.system.Wakeful;
 
 import java.util.Collection;
 
 @NotNullByDefault
 public interface Plugin {
 
+	enum State {
+
+		/**
+		 * The plugin has not finished starting or has been stopped.
+		 */
+		STARTING_STOPPING,
+
+		/**
+		 * The plugin is disabled by settings. Use {@link #getReasonsDisabled()}
+		 * to find out which settings are responsible.
+		 */
+		DISABLED,
+
+		/**
+		 * The plugin is being enabled and can't yet make or receive
+		 * connections.
+		 */
+		ENABLING,
+
+		/**
+		 * The plugin is enabled and can make or receive connections.
+		 */
+		ACTIVE,
+
+		/**
+		 * The plugin is enabled but can't make or receive connections
+		 */
+		INACTIVE
+	}
+
+	/**
+	 * The string for the boolean preference
+	 * to use with the {@link SettingsManager} to enable or disable the plugin.
+	 */
+	String PREF_PLUGIN_ENABLE = "enable";
+
+	/**
+	 * Reason flag returned by {@link #getReasonsDisabled()} to indicate that
+	 * the plugin has been disabled by the user.
+	 */
+	int REASON_USER = 1;
+
 	/**
 	 * Returns the plugin's transport identifier.
 	 */
@@ -27,17 +71,28 @@ public interface Plugin {
 	/**
 	 * Starts the plugin.
 	 */
+	@Wakeful
 	void start() throws PluginException;
 
 	/**
 	 * Stops the plugin.
 	 */
+	@Wakeful
 	void stop() throws PluginException;
 
 	/**
-	 * Returns true if the plugin is running.
+	 * Returns the current state of the plugin.
 	 */
-	boolean isRunning();
+	State getState();
+
+	/**
+	 * Returns a set of flags indicating why the plugin is
+	 * {@link State#DISABLED disabled}, or 0 if the plugin is not disabled.
+	 * <p>
+	 * The flags used are plugin-specific, except the generic flag
+	 * {@link #REASON_USER}, which may be used by any plugin.
+	 */
+	int getReasonsDisabled();
 
 	/**
 	 * Returns true if the plugin should be polled periodically to attempt to
@@ -54,6 +109,7 @@ public interface Plugin {
 	 * Attempts to create connections using the given transport properties,
 	 * passing any created connections to the corresponding handlers.
 	 */
+	@Wakeful
 	void poll(Collection<Pair<TransportProperties, ConnectionHandler>>
 			properties);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/PluginCallback.java

@@ -1,9 +1,15 @@
 package org.briarproject.bramble.api.plugin;
 
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.Plugin.State;
+import org.briarproject.bramble.api.plugin.event.TransportActiveEvent;
+import org.briarproject.bramble.api.plugin.event.TransportInactiveEvent;
+import org.briarproject.bramble.api.plugin.event.TransportStateEvent;
 import org.briarproject.bramble.api.properties.TransportProperties;
 import org.briarproject.bramble.api.settings.Settings;
 
+import java.util.Collection;
+
 /**
  * An interface through which a transport plugin interacts with the rest of
  * the application.
@@ -21,6 +27,11 @@ public interface PluginCallback extends ConnectionHandler {
 	 */
 	TransportProperties getLocalProperties();
 
+	/**
+	 * Returns the plugin's remote transport properties.
+	 */
+	Collection<TransportProperties> getRemoteProperties();
+
 	/**
 	 * Merges the given settings with the plugin's settings
 	 */
@@ -32,12 +43,17 @@ public interface PluginCallback extends ConnectionHandler {
 	void mergeLocalProperties(TransportProperties p);
 
 	/**
-	 * Signals that the transport is enabled.
+	 * Informs the callback of the plugin's current state.
+	 * <p>
+	 * If the current state is different from the previous state, the callback
+	 * will broadcast a {@link TransportStateEvent}. If the current state is
+	 * {@link State#ACTIVE} and the previous state was not
+	 * {@link State#ACTIVE}, the callback will broadcast a
+	 * {@link TransportActiveEvent}. If the current state is not
+	 * {@link State#ACTIVE} and the previous state was {@link State#ACTIVE},
+	 * the callback will broadcast a {@link TransportInactiveEvent}.
+	 * <p>
+	 * This method can safely be called while holding a lock.
 	 */
-	void transportEnabled();
+	void pluginStateChanged(State state);
-
-	/**
-	 * Signals that the transport is disabled.
-	 */
-	void transportDisabled();
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/PluginConfig.java

@@ -5,6 +5,8 @@ import org.briarproject.bramble.api.plugin.duplex.DuplexPluginFactory;
 import org.briarproject.bramble.api.plugin.simplex.SimplexPluginFactory;
 
 import java.util.Collection;
+import java.util.List;
+import java.util.Map;
 
 @NotNullByDefault
 public interface PluginConfig {
@@ -14,4 +16,11 @@ public interface PluginConfig {
 	Collection<SimplexPluginFactory> getSimplexFactories();
 
 	boolean shouldPoll();
+
+	/**
+	 * Returns a map representing transport preferences. For each entry in the
+	 * map, connections via the transports identified by the value are
+	 * preferred to connections via the transport identified by the key.
+	 */
+	Map<TransportId, List<TransportId>> getTransportPreferences();
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/PluginManager.java

@@ -41,4 +41,17 @@ public interface PluginManager {
 	 * Returns any duplex plugins that support rendezvous.
 	 */
 	Collection<DuplexPlugin> getRendezvousPlugins();
+
+	/**
+	 * Enables or disables the plugin
+	 * identified by the given {@link TransportId}.
+	 * <p>
+	 * Note that this applies the change asynchronously
+	 * and there are no order guarantees.
+	 * <p>
+	 * If no plugin with the given {@link TransportId} is registered,
+	 * this is a no-op.
+	 */
+	void setPluginEnabled(TransportId t, boolean enabled);
+
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/TorConstants.java

@@ -1,9 +1,12 @@
 package org.briarproject.bramble.api.plugin;
 
+import static java.util.concurrent.TimeUnit.DAYS;
+
 public interface TorConstants {
 
 	TransportId ID = new TransportId("org.briarproject.bramble.tor");
 
+	// Transport properties
 	String PROP_ONION_V2 = "onion";
 	String PROP_ONION_V3 = "onion3";
 
@@ -13,14 +16,45 @@ public interface TorConstants {
 	int CONNECT_TO_PROXY_TIMEOUT = 5000; // Milliseconds
 	int EXTRA_SOCKET_TIMEOUT = 30000; // Milliseconds
 
+	// Local settings (not shared with contacts)
 	String PREF_TOR_NETWORK = "network2";
 	String PREF_TOR_PORT = "port";
 	String PREF_TOR_MOBILE = "useMobileData";
 	String PREF_TOR_ONLY_WHEN_CHARGING = "onlyWhenCharging";
+	String HS_PRIVATE_KEY_V2 = "onionPrivKey";
+	String HS_PRIVATE_KEY_V3 = "onionPrivKey3";
+	String HS_V3_CREATED = "onionPrivKey3Created";
 
+	/**
+	 * How long to publish a v3 hidden service before retiring the v2 service.
+	 */
+	long V3_MIGRATION_PERIOD_MS = DAYS.toMillis(180);
+
+	// Values for PREF_TOR_NETWORK
 	int PREF_TOR_NETWORK_AUTOMATIC = 0;
 	int PREF_TOR_NETWORK_WITHOUT_BRIDGES = 1;
 	int PREF_TOR_NETWORK_WITH_BRIDGES = 2;
+	// TODO: Remove when settings migration code is removed
 	int PREF_TOR_NETWORK_NEVER = 3;
 
+	// Default values for local settings
+	boolean DEFAULT_PREF_PLUGIN_ENABLE = true;
+	int DEFAULT_PREF_TOR_NETWORK = PREF_TOR_NETWORK_AUTOMATIC;
+	boolean DEFAULT_PREF_TOR_MOBILE = true;
+	boolean DEFAULT_PREF_TOR_ONLY_WHEN_CHARGING = false;
+
+	/**
+	 * Reason flag returned by {@link Plugin#getReasonsDisabled()}.
+	 */
+	int REASON_BATTERY = 2;
+
+	/**
+	 * Reason flag returned by {@link Plugin#getReasonsDisabled()}.
+	 */
+	int REASON_MOBILE_DATA = 4;
+
+	/**
+	 * Reason flag returned by {@link Plugin#getReasonsDisabled()}.
+	 */
+	int REASON_COUNTRY_BLOCKED = 8;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/TorDirectory.java

@@ -1,5 +1,6 @@
-package org.briarproject.bramble.api.system;
+package org.briarproject.bramble.api.plugin;
 
+import java.io.File;
 import java.lang.annotation.Retention;
 import java.lang.annotation.Target;
 
@@ -11,15 +12,11 @@ import static java.lang.annotation.ElementType.PARAMETER;
 import static java.lang.annotation.RetentionPolicy.RUNTIME;
 
 /**
- * Annotation for injecting a scheduled executor service
+ * Annotation for injecting the {@link File directory} where the Tor plugin
- * that can be used to schedule the execution of tasks.
+ * should store its state.
- * <p>
- * The service should <b>only</b> be used for running tasks on other executors
- * at scheduled times.
- * No significant work should be run by the service itself!
  */
 @Qualifier
 @Target({FIELD, METHOD, PARAMETER})
 @Retention(RUNTIME)
-public @interface Scheduler {
+public @interface TorDirectory {
-}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/WanTcpConstants.java

@@ -4,4 +4,7 @@ public interface WanTcpConstants {
 
 	TransportId ID = new TransportId("org.briarproject.bramble.wan");
 
+	// Default value for PREF_PLUGIN_ENABLE
+	boolean DEFAULT_PREF_PLUGIN_ENABLE = false;
 }
+

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/duplex/AbstractDuplexTransportConnection.java

@@ -4,6 +4,7 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Plugin;
 import org.briarproject.bramble.api.plugin.TransportConnectionReader;
 import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.properties.TransportProperties;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -14,6 +15,8 @@ import java.util.concurrent.atomic.AtomicBoolean;
 public abstract class AbstractDuplexTransportConnection
 		implements DuplexTransportConnection {
 
+	protected final TransportProperties remote = new TransportProperties();
+
 	private final Plugin plugin;
 	private final Reader reader;
 	private final Writer writer;
@@ -44,6 +47,11 @@ public abstract class AbstractDuplexTransportConnection
 		return writer;
 	}
 
+	@Override
+	public TransportProperties getRemoteProperties() {
+		return remote;
+	}
+
 	private class Reader implements TransportConnectionReader {
 
 		@Override

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/duplex/DuplexPlugin.java

@@ -8,6 +8,7 @@ import org.briarproject.bramble.api.plugin.Plugin;
 import org.briarproject.bramble.api.properties.TransportProperties;
 import org.briarproject.bramble.api.rendezvous.KeyMaterialSource;
 import org.briarproject.bramble.api.rendezvous.RendezvousEndpoint;
+import org.briarproject.bramble.api.system.Wakeful;
 
 import javax.annotation.Nullable;
 
@@ -21,6 +22,7 @@ public interface DuplexPlugin extends Plugin {
 	 * Attempts to create and return a connection using the given transport
 	 * properties. Returns null if a connection cannot be created.
 	 */
+	@Wakeful
 	@Nullable
 	DuplexTransportConnection createConnection(TransportProperties p);
 

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/duplex/DuplexTransportConnection.java

@@ -3,6 +3,7 @@ package org.briarproject.bramble.api.plugin.duplex;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.TransportConnectionReader;
 import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.properties.TransportProperties;
 
 /**
  * An interface for reading and writing data over a duplex transport. The
@@ -23,4 +24,10 @@ public interface DuplexTransportConnection {
 	 * for writing to the connection.
 	 */
 	TransportConnectionWriter getWriter();
+
+	/**
+	 * Returns a possibly empty set of {@link TransportProperties} describing
+	 * the remote peer.
+	 */
+	TransportProperties getRemoteProperties();
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/BluetoothEnabledEvent.java

@@ -1,15 +0,0 @@
-package org.briarproject.bramble.api.plugin.event;
-
-import org.briarproject.bramble.api.event.Event;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import javax.annotation.concurrent.Immutable;
-
-/**
- * An event that informs the Bluetooth plugin that we have enabled the
- * Bluetooth adapter.
- */
-@Immutable
-@NotNullByDefault
-public class BluetoothEnabledEvent extends Event {
-}

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/ConnectionClosedEvent.java

@@ -13,13 +13,14 @@ public class ConnectionClosedEvent extends Event {
 
 	private final ContactId contactId;
 	private final TransportId transportId;
-	private final boolean incoming;
+	private final boolean incoming, exception;
 
 	public ConnectionClosedEvent(ContactId contactId, TransportId transportId,
-			boolean incoming) {
+			boolean incoming, boolean exception) {
 		this.contactId = contactId;
 		this.transportId = transportId;
 		this.incoming = incoming;
+		this.exception = exception;
 	}
 
 	public ContactId getContactId() {
@@ -33,4 +34,8 @@ public class ConnectionClosedEvent extends Event {
 	public boolean isIncoming() {
 		return incoming;
 	}
+
+	public boolean isException() {
+		return exception;
+	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/DisableBluetoothEvent.java

@@ -1,15 +0,0 @@
-package org.briarproject.bramble.api.plugin.event;
-
-import org.briarproject.bramble.api.event.Event;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import javax.annotation.concurrent.Immutable;
-
-/**
- * An event that asks the Bluetooth plugin to disable the Bluetooth adapter if
- * we previously enabled it.
- */
-@Immutable
-@NotNullByDefault
-public class DisableBluetoothEvent extends Event {
-}

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/EnableBluetoothEvent.java

@@ -1,14 +0,0 @@
-package org.briarproject.bramble.api.plugin.event;
-
-import org.briarproject.bramble.api.event.Event;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import javax.annotation.concurrent.Immutable;
-
-/**
- * An event that asks the Bluetooth plugin to enable the Bluetooth adapter.
- */
-@Immutable
-@NotNullByDefault
-public class EnableBluetoothEvent extends Event {
-}

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/TransportActiveEvent.java

@@ -2,20 +2,22 @@ package org.briarproject.bramble.api.plugin.event;
 
 import org.briarproject.bramble.api.event.Event;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.Plugin.State;
 import org.briarproject.bramble.api.plugin.TransportId;
 
 import javax.annotation.concurrent.Immutable;
 
 /**
- * An event that is broadcast when a transport is enabled.
+ * An event that is broadcast when a plugin enters the {@link State#ACTIVE}
+ * state.
  */
 @Immutable
 @NotNullByDefault
-public class TransportEnabledEvent extends Event {
+public class TransportActiveEvent extends Event {
 
 	private final TransportId transportId;
 
-	public TransportEnabledEvent(TransportId transportId) {
+	public TransportActiveEvent(TransportId transportId) {
 		this.transportId = transportId;
 	}
 

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/TransportInactiveEvent.java

@@ -2,20 +2,22 @@ package org.briarproject.bramble.api.plugin.event;
 
 import org.briarproject.bramble.api.event.Event;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.Plugin.State;
 import org.briarproject.bramble.api.plugin.TransportId;
 
 import javax.annotation.concurrent.Immutable;
 
 /**
- * An event that is broadcast when a transport is disabled.
+ * An event that is broadcast when a plugin leaves the {@link State#ACTIVE}
+ * state.
  */
 @Immutable
 @NotNullByDefault
-public class TransportDisabledEvent extends Event {
+public class TransportInactiveEvent extends Event {
 
 	private final TransportId transportId;
 
-	public TransportDisabledEvent(TransportId transportId) {
+	public TransportInactiveEvent(TransportId transportId) {
 		this.transportId = transportId;
 	}
 

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/TransportStateEvent.java

@@ -0,0 +1,32 @@
+package org.briarproject.bramble.api.plugin.event;
+
+import org.briarproject.bramble.api.event.Event;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.Plugin.State;
+import org.briarproject.bramble.api.plugin.TransportId;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * An event that is broadcast when the {@link State state} of a plugin changes.
+ */
+@Immutable
+@NotNullByDefault
+public class TransportStateEvent extends Event {
+
+	private final TransportId transportId;
+	private final State state;
+
+	public TransportStateEvent(TransportId transportId, State state) {
+		this.transportId = transportId;
+		this.state = state;
+	}
+
+	public TransportId getTransportId() {
+		return transportId;
+	}
+
+	public State getState() {
+		return state;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/simplex/SimplexPlugin.java

@@ -5,6 +5,7 @@ import org.briarproject.bramble.api.plugin.Plugin;
 import org.briarproject.bramble.api.plugin.TransportConnectionReader;
 import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
 import org.briarproject.bramble.api.properties.TransportProperties;
+import org.briarproject.bramble.api.system.Wakeful;
 
 import javax.annotation.Nullable;
 
@@ -18,6 +19,7 @@ public interface SimplexPlugin extends Plugin {
 	 * Attempts to create and return a reader for the given transport
 	 * properties. Returns null if a reader cannot be created.
 	 */
+	@Wakeful
 	@Nullable
 	TransportConnectionReader createReader(TransportProperties p);
 
@@ -25,6 +27,7 @@ public interface SimplexPlugin extends Plugin {
 	 * Attempts to create and return a writer for the given transport
 	 * properties. Returns null if a writer cannot be created.
 	 */
+	@Wakeful
 	@Nullable
 	TransportConnectionWriter createWriter(TransportProperties p);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/properties/TransportPropertyConstants.java

@@ -11,4 +11,33 @@ public interface TransportPropertyConstants {
 	 * The maximum length of a property's key or value in UTF-8 bytes.
 	 */
 	int MAX_PROPERTY_LENGTH = 100;
+
+	/**
+	 * Prefix for keys that represent reflected properties.
+	 */
+	String REFLECTED_PROPERTY_PREFIX = "u:";
+
+	/**
+	 * Message metadata key for the transport ID of a local or remote update,
+	 * as a BDF string.
+	 */
+	String MSG_KEY_TRANSPORT_ID = "transportId";
+
+	/**
+	 * Message metadata key for the version number of a local or remote update,
+	 * as a BDF long.
+	 */
+	String MSG_KEY_VERSION = "version";
+
+	/**
+	 * Message metadata key for whether an update is local or remote, as a BDF
+	 * boolean.
+	 */
+	String MSG_KEY_LOCAL = "local";
+
+	/**
+	 * Group metadata key for any discovered transport properties of the
+	 * contact, as a BDF dictionary.
+	 */
+	String GROUP_KEY_DISCOVERED = "discovered";
 }

bramble-api/src/main/java/org/briarproject/bramble/api/properties/TransportPropertyManager.java

@@ -34,6 +34,14 @@ public interface TransportPropertyManager {
 	void addRemoteProperties(Transaction txn, ContactId c,
 			Map<TransportId, TransportProperties> props) throws DbException;
 
+	/**
+	 * Stores the given properties discovered from an incoming transport
+	 * connection. They will be overridden by any properties received while
+	 * adding the contact or synced from the contact.
+	 */
+	void addRemotePropertiesFromConnection(ContactId c, TransportId t,
+			TransportProperties props) throws DbException;
+
 	/**
 	 * Returns the local transport properties for all transports.
 	 */

bramble-api/src/main/java/org/briarproject/bramble/api/properties/event/RemoteTransportPropertiesUpdatedEvent.java

@@ -0,0 +1,27 @@
+package org.briarproject.bramble.api.properties.event;
+
+import org.briarproject.bramble.api.event.Event;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.properties.TransportProperties;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * An event that is broadcast when {@link TransportProperties} are received
+ * from a contact.
+ */
+@Immutable
+@NotNullByDefault
+public class RemoteTransportPropertiesUpdatedEvent extends Event {
+
+	private final TransportId transportId;
+
+	public RemoteTransportPropertiesUpdatedEvent(TransportId transportId) {
+		this.transportId = transportId;
+	}
+
+	public TransportId getTransportId() {
+		return transportId;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/sync/Priority.java

@@ -0,0 +1,23 @@
+package org.briarproject.bramble.api.sync;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * A record containing a nonce for choosing between redundant sessions.
+ */
+@Immutable
+@NotNullByDefault
+public class Priority {
+
+	private final byte[] nonce;
+
+	public Priority(byte[] nonce) {
+		this.nonce = nonce;
+	}
+
+	public byte[] getNonce() {
+		return nonce;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/sync/PriorityHandler.java

@@ -0,0 +1,13 @@
+package org.briarproject.bramble.api.sync;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+/**
+ * An interface for handling a {@link Priority} record received by an
+ * incoming {@link SyncSession}.
+ */
+@NotNullByDefault
+public interface PriorityHandler {
+
+	void handle(Priority p);
+}

bramble-api/src/main/java/org/briarproject/bramble/api/sync/RecordTypes.java

@@ -10,4 +10,5 @@ public interface RecordTypes {
 	byte OFFER = 2;
 	byte REQUEST = 3;
 	byte VERSIONS = 4;
+	byte PRIORITY = 5;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncConstants.java

@@ -49,4 +49,10 @@ public interface SyncConstants {
 	 * simultaneously.
 	 */
 	int MAX_SUPPORTED_VERSIONS = 10;
+
+	/**
+	 * The length of the priority nonce used for choosing between redundant
+	 * connections.
+	 */
+	int PRIORITY_NONCE_BYTES = 16;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncRecordReader.java

@@ -28,4 +28,8 @@ public interface SyncRecordReader {
 	boolean hasVersions() throws IOException;
 
 	Versions readVersions() throws IOException;
+
+	boolean hasPriority() throws IOException;
+
+	Priority readPriority() throws IOException;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncRecordWriter.java

@@ -17,5 +17,7 @@ public interface SyncRecordWriter {
 
 	void writeVersions(Versions v) throws IOException;
 
+	void writePriority(Priority p) throws IOException;
+
 	void flush() throws IOException;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncSessionFactory.java

@@ -2,18 +2,23 @@ package org.briarproject.bramble.api.sync;
 
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.transport.StreamWriter;
 
 import java.io.InputStream;
 
+import javax.annotation.Nullable;
+
 @NotNullByDefault
 public interface SyncSessionFactory {
 
-	SyncSession createIncomingSession(ContactId c, InputStream in);
+	SyncSession createIncomingSession(ContactId c, InputStream in,
+			PriorityHandler handler);
 
-	SyncSession createSimplexOutgoingSession(ContactId c, int maxLatency,
+	SyncSession createSimplexOutgoingSession(ContactId c, TransportId t,
-			StreamWriter streamWriter);
+			int maxLatency, StreamWriter streamWriter);
 
-	SyncSession createDuplexOutgoingSession(ContactId c, int maxLatency,
+	SyncSession createDuplexOutgoingSession(ContactId c, TransportId t,
-			int maxIdleTime, StreamWriter streamWriter);
+			int maxLatency, int maxIdleTime, StreamWriter streamWriter,
+			@Nullable Priority priority);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/event/CloseSyncConnectionsEvent.java

@@ -0,0 +1,26 @@
+package org.briarproject.bramble.api.sync.event;
+
+import org.briarproject.bramble.api.event.Event;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * An event that is broadcast when all sync connections using a given
+ * transport should be closed.
+ */
+@Immutable
+@NotNullByDefault
+public class CloseSyncConnectionsEvent extends Event {
+
+	private final TransportId transportId;
+
+	public CloseSyncConnectionsEvent(TransportId transportId) {
+		this.transportId = transportId;
+	}
+
+	public TransportId getTransportId() {
+		return transportId;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/system/TaskScheduler.java

@@ -0,0 +1,43 @@
+package org.briarproject.bramble.api.system;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import java.util.concurrent.Executor;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * A service that can be used to schedule the execution of tasks.
+ */
+@NotNullByDefault
+public interface TaskScheduler {
+
+	/**
+	 * Submits the given task to the given executor after the given delay.
+	 * <p>
+	 * If the platform supports wake locks, a wake lock will be held while
+	 * submitting and running the task.
+	 */
+	Cancellable schedule(Runnable task, Executor executor, long delay,
+			TimeUnit unit);
+
+	/**
+	 * Submits the given task to the given executor after the given delay,
+	 * and then repeatedly with the given interval between executions
+	 * (measured from the end of one execution to the beginning of the next).
+	 * <p>
+	 * If the platform supports wake locks, a wake lock will be held while
+	 * submitting and running the task.
+	 */
+	Cancellable scheduleWithFixedDelay(Runnable task, Executor executor,
+			long delay, long interval, TimeUnit unit);
+
+	interface Cancellable {
+
+		/**
+		 * Cancels the task if it has not already started running. If the task
+		 * is {@link #scheduleWithFixedDelay(Runnable, Executor, long, long, TimeUnit) periodic},
+		 * all future executions of the task are cancelled.
+		 */
+		void cancel();
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/system/Wakeful.java

@@ -0,0 +1,19 @@
+package org.briarproject.bramble.api.system;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import javax.inject.Qualifier;
+
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+/**
+ * Annotation for methods that must be called while holding a wake lock, if
+ * the platform supports wake locks.
+ */
+@Qualifier
+@Target(METHOD)
+@Retention(RUNTIME)
+public @interface Wakeful {
+}

bramble-api/src/main/java/org/briarproject/bramble/api/system/WakefulIoExecutor.java

@@ -0,0 +1,26 @@
+package org.briarproject.bramble.api.system;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import javax.inject.Qualifier;
+
+import static java.lang.annotation.ElementType.FIELD;
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.PARAMETER;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+/**
+ * Annotation for injecting the executor for long-running IO tasks that should
+ * run without sleeping. Also used for annotating methods that should run on
+ * this executor.
+ * <p>
+ * The contract of this executor is that tasks may be run concurrently, and
+ * submitting a task will never block. Tasks must not run indefinitely. Tasks
+ * submitted during shutdown are discarded.
+ */
+@Qualifier
+@Target({FIELD, METHOD, PARAMETER})
+@Retention(RUNTIME)
+public @interface WakefulIoExecutor {
+}

bramble-api/src/main/java/org/briarproject/bramble/util/IoUtils.java

@@ -117,4 +117,10 @@ public class IoUtils {
 			throw new IOException(e);
 		}
 	}
+
+	public static boolean isNonEmptyDirectory(File f) {
+		if (!f.isDirectory()) return false;
+		File[] children = f.listFiles();
+		return children != null && children.length > 0;
+	}
 }

bramble-api/src/main/java/org/briarproject/bramble/util/PrivacyUtils.java

@@ -2,13 +2,17 @@ package org.briarproject.bramble.util;
 
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 
-import java.net.Inet6Address;
+import java.net.Inet4Address;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 
 import javax.annotation.Nullable;
 
+import static org.briarproject.bramble.util.StringUtils.isNullOrEmpty;
+import static org.briarproject.bramble.util.StringUtils.isValidMac;
+import static org.briarproject.bramble.util.StringUtils.toHexString;
+
 @NotNullByDefault
 public class PrivacyUtils {
 
@@ -19,7 +23,7 @@ public class PrivacyUtils {
 
 	@Nullable
 	public static String scrubMacAddress(@Nullable String address) {
-		if (address == null || address.length() == 0) return null;
+		if (isNullOrEmpty(address) || !isValidMac(address)) return address;
 		// this is a fake address we need to know about
 		if (address.equals("02:00:00:00:00:00")) return address;
 		// keep first and last octet of MAC address
@@ -27,39 +31,37 @@ public class PrivacyUtils {
 				+ address.substring(14, 17);
 	}
 
-	@Nullable
 	public static String scrubInetAddress(InetAddress address) {
-		// don't scrub link and site local addresses
+		if (address instanceof Inet4Address) {
-		if (address.isLinkLocalAddress() || address.isSiteLocalAddress())
+			// Don't scrub local IPv4 addresses
-			return address.toString();
+			if (address.isLoopbackAddress() || address.isLinkLocalAddress() ||
-		// completely scrub IPv6 addresses
+					address.isSiteLocalAddress()) {
-		if (address instanceof Inet6Address) return "[scrubbed]";
+				return address.getHostAddress();
-		// keep first and last octet of IPv4 addresses
+			}
-		return scrubInetAddress(address.toString());
+			// Keep first and last octet of non-local IPv4 addresses
+			return scrubIpv4Address(address.getAddress());
+		} else {
+			// Keep first and last octet of IPv6 addresses
+			return scrubIpv6Address(address.getAddress());
+		}
 	}
 
-	@Nullable
+	private static String scrubIpv4Address(byte[] ipv4) {
-	public static String scrubInetAddress(@Nullable String address) {
+		return (ipv4[0] & 0xFF) + ".[scrubbed]." + (ipv4[3] & 0xFF);
-		if (address == null) return null;
+	}
-
+
-		int firstDot = address.indexOf(".");
+	private static String scrubIpv6Address(byte[] ipv6) {
-		if (firstDot == -1) return "[scrubbed]";
+		String hex = toHexString(ipv6).toLowerCase();
-		String prefix = address.substring(0, firstDot + 1);
+		return hex.substring(0, 2) + "[scrubbed]" + hex.substring(30);
-		int lastDot = address.lastIndexOf(".");
-		String suffix = address.substring(lastDot, address.length());
-		return prefix + "[scrubbed]" + suffix;
 	}
 
-	@Nullable
 	public static String scrubSocketAddress(InetSocketAddress address) {
-		InetAddress inetAddress = address.getAddress();
+		return scrubInetAddress(address.getAddress());
-		return scrubInetAddress(inetAddress);
 	}
 
-	@Nullable
 	public static String scrubSocketAddress(SocketAddress address) {
 		if (address instanceof InetSocketAddress)
 			return scrubSocketAddress((InetSocketAddress) address);
-		return scrubInetAddress(address.toString());
+		return "[scrubbed]";
 	}
 }

bramble-core/src/main/java/org/briarproject/bramble/BrambleCoreEagerSingletons.java

@@ -9,7 +9,6 @@ import org.briarproject.bramble.plugin.PluginModule;
 import org.briarproject.bramble.properties.PropertiesModule;
 import org.briarproject.bramble.rendezvous.RendezvousModule;
 import org.briarproject.bramble.sync.validation.ValidationModule;
-import org.briarproject.bramble.system.SystemModule;
 import org.briarproject.bramble.transport.TransportModule;
 import org.briarproject.bramble.versioning.VersioningModule;
 
@@ -31,8 +30,6 @@ public interface BrambleCoreEagerSingletons {
 
 	void inject(RendezvousModule.EagerSingletons init);
 
-	void inject(SystemModule.EagerSingletons init);
-
 	void inject(TransportModule.EagerSingletons init);
 
 	void inject(ValidationModule.EagerSingletons init);
@@ -50,7 +47,6 @@ public interface BrambleCoreEagerSingletons {
 			c.inject(new RendezvousModule.EagerSingletons());
 			c.inject(new PluginModule.EagerSingletons());
 			c.inject(new PropertiesModule.EagerSingletons());
-			c.inject(new SystemModule.EagerSingletons());
 			c.inject(new TransportModule.EagerSingletons());
 			c.inject(new ValidationModule.EagerSingletons());
 			c.inject(new VersioningModule.EagerSingletons());

bramble-core/src/main/java/org/briarproject/bramble/BrambleCoreModule.java

@@ -1,6 +1,7 @@
 package org.briarproject.bramble;
 
 import org.briarproject.bramble.client.ClientModule;
+import org.briarproject.bramble.connection.ConnectionModule;
 import org.briarproject.bramble.contact.ContactModule;
 import org.briarproject.bramble.crypto.CryptoExecutorModule;
 import org.briarproject.bramble.crypto.CryptoModule;
@@ -9,6 +10,7 @@ import org.briarproject.bramble.db.DatabaseExecutorModule;
 import org.briarproject.bramble.db.DatabaseModule;
 import org.briarproject.bramble.event.EventModule;
 import org.briarproject.bramble.identity.IdentityModule;
+import org.briarproject.bramble.io.IoModule;
 import org.briarproject.bramble.keyagreement.KeyAgreementModule;
 import org.briarproject.bramble.lifecycle.LifecycleModule;
 import org.briarproject.bramble.plugin.PluginModule;
@@ -19,7 +21,7 @@ import org.briarproject.bramble.rendezvous.RendezvousModule;
 import org.briarproject.bramble.settings.SettingsModule;
 import org.briarproject.bramble.sync.SyncModule;
 import org.briarproject.bramble.sync.validation.ValidationModule;
-import org.briarproject.bramble.system.SystemModule;
+import org.briarproject.bramble.system.ClockModule;
 import org.briarproject.bramble.transport.TransportModule;
 import org.briarproject.bramble.versioning.VersioningModule;
 
@@ -27,6 +29,8 @@ import dagger.Module;
 
 @Module(includes = {
 		ClientModule.class,
+		ClockModule.class,
+		ConnectionModule.class,
 		ContactModule.class,
 		CryptoModule.class,
 		CryptoExecutorModule.class,
@@ -35,6 +39,7 @@ import dagger.Module;
 		DatabaseExecutorModule.class,
 		EventModule.class,
 		IdentityModule.class,
+		IoModule.class,
 		KeyAgreementModule.class,
 		LifecycleModule.class,
 		PluginModule.class,
@@ -44,7 +49,6 @@ import dagger.Module;
 		RendezvousModule.class,
 		SettingsModule.class,
 		SyncModule.class,
-		SystemModule.class,
 		TransportModule.class,
 		ValidationModule.class,
 		VersioningModule.class

bramble-core/src/main/java/org/briarproject/bramble/account/AccountManagerImpl.java

@@ -2,6 +2,7 @@ package org.briarproject.bramble.account;
 
 import org.briarproject.bramble.api.account.AccountManager;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
+import org.briarproject.bramble.api.crypto.DecryptionException;
 import org.briarproject.bramble.api.crypto.KeyStrengthener;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.db.DatabaseConfig;
@@ -17,6 +18,7 @@ import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStreamReader;
+import java.nio.charset.Charset;
 import java.util.logging.Logger;
 
 import javax.annotation.Nullable;
@@ -24,6 +26,7 @@ import javax.annotation.concurrent.GuardedBy;
 import javax.inject.Inject;
 
 import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.api.crypto.DecryptionResult.INVALID_CIPHERTEXT;
 import static org.briarproject.bramble.util.LogUtils.logException;
 import static org.briarproject.bramble.util.StringUtils.fromHexString;
 import static org.briarproject.bramble.util.StringUtils.toHexString;
@@ -95,7 +98,7 @@ class AccountManagerImpl implements AccountManager {
 		}
 		try {
 			BufferedReader reader = new BufferedReader(new InputStreamReader(
-					new FileInputStream(f), "UTF-8"));
+					new FileInputStream(f), Charset.forName("UTF-8")));
 			String key = reader.readLine();
 			reader.close();
 			return key;
@@ -147,7 +150,7 @@ class AccountManagerImpl implements AccountManager {
 	@GuardedBy("stateChangeLock")
 	private void writeDbKeyToFile(String key, File f) throws IOException {
 		FileOutputStream out = new FileOutputStream(f);
-		out.write(key.getBytes("UTF-8"));
+		out.write(key.getBytes(Charset.forName("UTF-8")));
 		out.flush();
 		out.close();
 	}
@@ -155,8 +158,7 @@ class AccountManagerImpl implements AccountManager {
 	@Override
 	public boolean accountExists() {
 		synchronized (stateChangeLock) {
-			return loadEncryptedDatabaseKey() != null
+			return loadEncryptedDatabaseKey() != null;
-					&& databaseConfig.getDatabaseDirectory().isDirectory();
 		}
 	}
 
@@ -193,31 +195,24 @@ class AccountManagerImpl implements AccountManager {
 	}
 
 	@Override
-	public boolean signIn(String password) {
+	public void signIn(String password) throws DecryptionException {
 		synchronized (stateChangeLock) {
-			SecretKey key = loadAndDecryptDatabaseKey(password);
+			databaseKey = loadAndDecryptDatabaseKey(password);
-			if (key == null) return false;
-			databaseKey = key;
-			return true;
 		}
 	}
 
 	@GuardedBy("stateChangeLock")
-	@Nullable
+	private SecretKey loadAndDecryptDatabaseKey(String password)
-	private SecretKey loadAndDecryptDatabaseKey(String password) {
+			throws DecryptionException {
 		String hex = loadEncryptedDatabaseKey();
 		if (hex == null) {
 			LOG.warning("Failed to load encrypted database key");
-			return null;
+			throw new DecryptionException(INVALID_CIPHERTEXT);
 		}
 		byte[] ciphertext = fromHexString(hex);
 		KeyStrengthener keyStrengthener = databaseConfig.getKeyStrengthener();
 		byte[] plaintext = crypto.decryptWithPassword(ciphertext, password,
 				keyStrengthener);
-		if (plaintext == null) {
-			LOG.info("Failed to decrypt database key");
-			return null;
-		}
 		SecretKey key = new SecretKey(plaintext);
 		// If the DB key was encrypted with a weak key and a key strengthener
 		// is now available, re-encrypt the DB key with a strengthened key
@@ -230,10 +225,11 @@ class AccountManagerImpl implements AccountManager {
 	}
 
 	@Override
-	public boolean changePassword(String oldPassword, String newPassword) {
+	public void changePassword(String oldPassword, String newPassword)
+			throws DecryptionException {
 		synchronized (stateChangeLock) {
 			SecretKey key = loadAndDecryptDatabaseKey(oldPassword);
-			return key != null && encryptAndStoreDatabaseKey(key, newPassword);
+			encryptAndStoreDatabaseKey(key, newPassword);
 		}
 	}
 }

bramble-core/src/main/java/org/briarproject/bramble/connection/Connection.java

@@ -0,0 +1,79 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportConnectionReader;
+import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.logging.Logger;
+
+import javax.annotation.Nullable;
+
+import static java.util.logging.Level.WARNING;
+import static java.util.logging.Logger.getLogger;
+import static org.briarproject.bramble.api.transport.TransportConstants.TAG_LENGTH;
+import static org.briarproject.bramble.util.IoUtils.read;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+abstract class Connection {
+
+	protected static final Logger LOG = getLogger(Connection.class.getName());
+
+	final KeyManager keyManager;
+	final ConnectionRegistry connectionRegistry;
+	final StreamReaderFactory streamReaderFactory;
+	final StreamWriterFactory streamWriterFactory;
+
+	Connection(KeyManager keyManager, ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory) {
+		this.keyManager = keyManager;
+		this.connectionRegistry = connectionRegistry;
+		this.streamReaderFactory = streamReaderFactory;
+		this.streamWriterFactory = streamWriterFactory;
+	}
+
+	@Nullable
+	StreamContext recogniseTag(TransportConnectionReader reader,
+			TransportId transportId) {
+		StreamContext ctx;
+		try {
+			byte[] tag = readTag(reader.getInputStream());
+			return keyManager.getStreamContext(transportId, tag);
+		} catch (IOException | DbException e) {
+			logException(LOG, WARNING, e);
+			return null;
+		}
+	}
+
+	private byte[] readTag(InputStream in) throws IOException {
+		byte[] tag = new byte[TAG_LENGTH];
+		read(in, tag);
+		return tag;
+	}
+
+	void disposeOnError(TransportConnectionReader reader, boolean recognised) {
+		try {
+			reader.dispose(true, recognised);
+		} catch (IOException e) {
+			logException(LOG, WARNING, e);
+		}
+	}
+
+	void disposeOnError(TransportConnectionWriter writer) {
+		try {
+			writer.dispose(true);
+		} catch (IOException e) {
+			logException(LOG, WARNING, e);
+		}
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/ConnectionManagerImpl.java

@@ -0,0 +1,114 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionManager;
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.ContactExchangeManager;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.contact.HandshakeManager;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.lifecycle.IoExecutor;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportConnectionReader;
+import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.properties.TransportPropertyManager;
+import org.briarproject.bramble.api.sync.SyncSessionFactory;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.security.SecureRandom;
+import java.util.concurrent.Executor;
+
+import javax.annotation.concurrent.Immutable;
+import javax.inject.Inject;
+
+@Immutable
+@NotNullByDefault
+class ConnectionManagerImpl implements ConnectionManager {
+
+	private final Executor ioExecutor;
+	private final KeyManager keyManager;
+	private final StreamReaderFactory streamReaderFactory;
+	private final StreamWriterFactory streamWriterFactory;
+	private final SyncSessionFactory syncSessionFactory;
+	private final HandshakeManager handshakeManager;
+	private final ContactExchangeManager contactExchangeManager;
+	private final ConnectionRegistry connectionRegistry;
+	private final TransportPropertyManager transportPropertyManager;
+	private final SecureRandom secureRandom;
+
+	@Inject
+	ConnectionManagerImpl(@IoExecutor Executor ioExecutor,
+			KeyManager keyManager, StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			SyncSessionFactory syncSessionFactory,
+			HandshakeManager handshakeManager,
+			ContactExchangeManager contactExchangeManager,
+			ConnectionRegistry connectionRegistry,
+			TransportPropertyManager transportPropertyManager,
+			SecureRandom secureRandom) {
+		this.ioExecutor = ioExecutor;
+		this.keyManager = keyManager;
+		this.streamReaderFactory = streamReaderFactory;
+		this.streamWriterFactory = streamWriterFactory;
+		this.syncSessionFactory = syncSessionFactory;
+		this.handshakeManager = handshakeManager;
+		this.contactExchangeManager = contactExchangeManager;
+		this.connectionRegistry = connectionRegistry;
+		this.transportPropertyManager = transportPropertyManager;
+		this.secureRandom = secureRandom;
+	}
+
+
+	@Override
+	public void manageIncomingConnection(TransportId t,
+			TransportConnectionReader r) {
+		ioExecutor.execute(new IncomingSimplexSyncConnection(keyManager,
+				connectionRegistry, streamReaderFactory, streamWriterFactory,
+				syncSessionFactory, transportPropertyManager, t, r));
+	}
+
+	@Override
+	public void manageIncomingConnection(TransportId t,
+			DuplexTransportConnection d) {
+		ioExecutor.execute(new IncomingDuplexSyncConnection(keyManager,
+				connectionRegistry, streamReaderFactory, streamWriterFactory,
+				syncSessionFactory, transportPropertyManager, ioExecutor,
+				t, d));
+	}
+
+	@Override
+	public void manageIncomingConnection(PendingContactId p, TransportId t,
+			DuplexTransportConnection d) {
+		ioExecutor.execute(new IncomingHandshakeConnection(keyManager,
+				connectionRegistry, streamReaderFactory, streamWriterFactory,
+				handshakeManager, contactExchangeManager, this, p, t, d));
+	}
+
+	@Override
+	public void manageOutgoingConnection(ContactId c, TransportId t,
+			TransportConnectionWriter w) {
+		ioExecutor.execute(new OutgoingSimplexSyncConnection(keyManager,
+				connectionRegistry, streamReaderFactory, streamWriterFactory,
+				syncSessionFactory, transportPropertyManager, c, t, w));
+	}
+
+	@Override
+	public void manageOutgoingConnection(ContactId c, TransportId t,
+			DuplexTransportConnection d) {
+		ioExecutor.execute(new OutgoingDuplexSyncConnection(keyManager,
+				connectionRegistry, streamReaderFactory, streamWriterFactory,
+				syncSessionFactory, transportPropertyManager, ioExecutor,
+				secureRandom, c, t, d));
+	}
+
+	@Override
+	public void manageOutgoingConnection(PendingContactId p, TransportId t,
+			DuplexTransportConnection d) {
+		ioExecutor.execute(new OutgoingHandshakeConnection(keyManager,
+				connectionRegistry, streamReaderFactory, streamWriterFactory,
+				handshakeManager, contactExchangeManager, this, p, t, d));
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/ConnectionModule.java

@@ -0,0 +1,26 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionManager;
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+
+import javax.inject.Singleton;
+
+import dagger.Module;
+import dagger.Provides;
+
+@Module
+public class ConnectionModule {
+
+	@Provides
+	ConnectionManager provideConnectionManager(
+			ConnectionManagerImpl connectionManager) {
+		return connectionManager;
+	}
+
+	@Provides
+	@Singleton
+	ConnectionRegistry provideConnectionRegistry(
+			ConnectionRegistryImpl connectionRegistry) {
+		return connectionRegistry;
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/ConnectionRegistryImpl.java

@@ -0,0 +1,283 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.Bytes;
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.connection.InterruptibleConnection;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.event.EventBus;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.PluginConfig;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.event.ConnectionClosedEvent;
+import org.briarproject.bramble.api.plugin.event.ConnectionOpenedEvent;
+import org.briarproject.bramble.api.plugin.event.ContactConnectedEvent;
+import org.briarproject.bramble.api.plugin.event.ContactDisconnectedEvent;
+import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionClosedEvent;
+import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionOpenedEvent;
+import org.briarproject.bramble.api.sync.Priority;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
+import java.util.logging.Logger;
+
+import javax.annotation.Nullable;
+import javax.annotation.concurrent.GuardedBy;
+import javax.annotation.concurrent.ThreadSafe;
+import javax.inject.Inject;
+
+import static java.util.Collections.emptyList;
+import static java.util.logging.Level.INFO;
+import static java.util.logging.Logger.getLogger;
+
+@ThreadSafe
+@NotNullByDefault
+class ConnectionRegistryImpl implements ConnectionRegistry {
+
+	private static final Logger LOG =
+			getLogger(ConnectionRegistryImpl.class.getName());
+
+	private final EventBus eventBus;
+	private final Map<TransportId, List<TransportId>> transportPrefs;
+
+	private final Object lock = new Object();
+	@GuardedBy("lock")
+	private final Map<ContactId, List<ConnectionRecord>> contactConnections;
+	@GuardedBy("lock")
+	private final Set<PendingContactId> connectedPendingContacts;
+
+	@Inject
+	ConnectionRegistryImpl(EventBus eventBus, PluginConfig pluginConfig) {
+		this.eventBus = eventBus;
+		transportPrefs = pluginConfig.getTransportPreferences();
+		contactConnections = new HashMap<>();
+		connectedPendingContacts = new HashSet<>();
+	}
+
+	@Override
+	public void registerIncomingConnection(ContactId c, TransportId t,
+			InterruptibleConnection conn) {
+		registerConnection(c, t, conn, true);
+	}
+
+	@Override
+	public void registerOutgoingConnection(ContactId c, TransportId t,
+			InterruptibleConnection conn, Priority priority) {
+		registerConnection(c, t, conn, false);
+		setPriority(c, t, conn, priority);
+	}
+
+	private void registerConnection(ContactId c, TransportId t,
+			InterruptibleConnection conn, boolean incoming) {
+		if (LOG.isLoggable(INFO)) {
+			if (incoming) LOG.info("Incoming connection registered: " + t);
+			else LOG.info("Outgoing connection registered: " + t);
+		}
+		boolean firstConnection;
+		synchronized (lock) {
+			List<ConnectionRecord> recs = contactConnections.get(c);
+			if (recs == null) {
+				recs = new ArrayList<>();
+				contactConnections.put(c, recs);
+			}
+			firstConnection = recs.isEmpty();
+			recs.add(new ConnectionRecord(t, conn));
+		}
+		eventBus.broadcast(new ConnectionOpenedEvent(c, t, incoming));
+		if (firstConnection) {
+			LOG.info("Contact connected");
+			eventBus.broadcast(new ContactConnectedEvent(c));
+		}
+	}
+
+	@Override
+	public void setPriority(ContactId c, TransportId t,
+			InterruptibleConnection conn, Priority priority) {
+		if (LOG.isLoggable(INFO)) LOG.info("Setting connection priority: " + t);
+		List<InterruptibleConnection> toInterrupt;
+		boolean interruptNewConnection = false;
+		synchronized (lock) {
+			List<ConnectionRecord> recs = contactConnections.get(c);
+			if (recs == null) throw new IllegalArgumentException();
+			toInterrupt = new ArrayList<>(recs.size());
+			for (ConnectionRecord rec : recs) {
+				if (rec.conn == conn) {
+					// Store the priority of this connection
+					rec.priority = priority;
+				} else if (rec.priority != null) {
+					int compare = compareConnections(t, priority,
+							rec.transportId, rec.priority);
+					if (compare == -1) {
+						// The old connection is better than the new one
+						interruptNewConnection = true;
+					} else if (compare == 1 && !rec.interrupted) {
+						// The new connection is better than the old one
+						toInterrupt.add(rec.conn);
+						rec.interrupted = true;
+					}
+				}
+			}
+		}
+		if (interruptNewConnection) {
+			LOG.info("Interrupting new connection");
+			conn.interruptOutgoingSession();
+		}
+		for (InterruptibleConnection old : toInterrupt) {
+			LOG.info("Interrupting old connection");
+			old.interruptOutgoingSession();
+		}
+	}
+
+	private int compareConnections(TransportId tA, Priority pA, TransportId tB,
+			Priority pB) {
+		if (getBetterTransports(tA).contains(tB)) return -1;
+		if (getBetterTransports(tB).contains(tA)) return 1;
+		return tA.equals(tB) ? Bytes.compare(pA.getNonce(), pB.getNonce()) : 0;
+	}
+
+	private List<TransportId> getBetterTransports(TransportId t) {
+		List<TransportId> better = transportPrefs.get(t);
+		return better == null ? emptyList() : better;
+	}
+
+	@Override
+	public void unregisterConnection(ContactId c, TransportId t,
+			InterruptibleConnection conn, boolean incoming, boolean exception) {
+		if (LOG.isLoggable(INFO)) {
+			if (incoming) LOG.info("Incoming connection unregistered: " + t);
+			else LOG.info("Outgoing connection unregistered: " + t);
+		}
+		boolean lastConnection;
+		synchronized (lock) {
+			List<ConnectionRecord> recs = contactConnections.get(c);
+			if (recs == null || !recs.remove(new ConnectionRecord(t, conn)))
+				throw new IllegalArgumentException();
+			lastConnection = recs.isEmpty();
+		}
+		eventBus.broadcast(
+				new ConnectionClosedEvent(c, t, incoming, exception));
+		if (lastConnection) {
+			LOG.info("Contact disconnected");
+			eventBus.broadcast(new ContactDisconnectedEvent(c));
+		}
+	}
+
+	@Override
+	public Collection<ContactId> getConnectedContacts(TransportId t) {
+		synchronized (lock) {
+			List<ContactId> contactIds = new ArrayList<>();
+			for (Entry<ContactId, List<ConnectionRecord>> e :
+					contactConnections.entrySet()) {
+				for (ConnectionRecord rec : e.getValue()) {
+					if (rec.transportId.equals(t)) {
+						contactIds.add(e.getKey());
+						break;
+					}
+				}
+			}
+			if (LOG.isLoggable(INFO)) {
+				LOG.info(contactIds.size() + " contacts connected: " + t);
+			}
+			return contactIds;
+		}
+	}
+
+	@Override
+	public Collection<ContactId> getConnectedOrBetterContacts(TransportId t) {
+		synchronized (lock) {
+			List<TransportId> better = getBetterTransports(t);
+			List<ContactId> contactIds = new ArrayList<>();
+			for (Entry<ContactId, List<ConnectionRecord>> e :
+					contactConnections.entrySet()) {
+				for (ConnectionRecord rec : e.getValue()) {
+					if (rec.transportId.equals(t) ||
+							better.contains(rec.transportId)) {
+						contactIds.add(e.getKey());
+						break;
+					}
+				}
+			}
+			if (LOG.isLoggable(INFO)) {
+				LOG.info(contactIds.size()
+						+ " contacts connected or better: " + t);
+			}
+			return contactIds;
+		}
+	}
+
+	@Override
+	public boolean isConnected(ContactId c, TransportId t) {
+		synchronized (lock) {
+			List<ConnectionRecord> recs = contactConnections.get(c);
+			if (recs == null) return false;
+			for (ConnectionRecord rec : recs) {
+				if (rec.transportId.equals(t)) return true;
+			}
+			return false;
+		}
+	}
+
+	@Override
+	public boolean isConnected(ContactId c) {
+		synchronized (lock) {
+			List<ConnectionRecord> recs = contactConnections.get(c);
+			return recs != null && !recs.isEmpty();
+		}
+	}
+
+	@Override
+	public boolean registerConnection(PendingContactId p) {
+		boolean added;
+		synchronized (lock) {
+			added = connectedPendingContacts.add(p);
+		}
+		if (added) eventBus.broadcast(new RendezvousConnectionOpenedEvent(p));
+		return added;
+	}
+
+	@Override
+	public void unregisterConnection(PendingContactId p, boolean success) {
+		synchronized (lock) {
+			if (!connectedPendingContacts.remove(p))
+				throw new IllegalArgumentException();
+		}
+		eventBus.broadcast(new RendezvousConnectionClosedEvent(p, success));
+	}
+
+	private static class ConnectionRecord {
+
+		private final TransportId transportId;
+		private final InterruptibleConnection conn;
+		@GuardedBy("lock")
+		@Nullable
+		private Priority priority = null;
+		@GuardedBy("lock")
+		private boolean interrupted = false;
+
+		private ConnectionRecord(TransportId transportId,
+				InterruptibleConnection conn) {
+			this.transportId = transportId;
+			this.conn = conn;
+		}
+
+		@Override
+		public boolean equals(Object o) {
+			if (o instanceof ConnectionRecord) {
+				return conn == ((ConnectionRecord) o).conn;
+			} else {
+				return false;
+			}
+		}
+
+		@Override
+		public int hashCode() {
+			return conn.hashCode();
+		}
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/DuplexSyncConnection.java

@@ -0,0 +1,109 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.connection.InterruptibleConnection;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportConnectionReader;
+import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.properties.TransportProperties;
+import org.briarproject.bramble.api.properties.TransportPropertyManager;
+import org.briarproject.bramble.api.sync.Priority;
+import org.briarproject.bramble.api.sync.SyncSession;
+import org.briarproject.bramble.api.sync.SyncSessionFactory;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriter;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+import java.util.concurrent.Executor;
+
+import javax.annotation.Nullable;
+import javax.annotation.concurrent.GuardedBy;
+
+import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;
+
+@NotNullByDefault
+abstract class DuplexSyncConnection extends SyncConnection
+		implements InterruptibleConnection {
+
+	final Executor ioExecutor;
+	final TransportId transportId;
+	final TransportConnectionReader reader;
+	final TransportConnectionWriter writer;
+	final TransportProperties remote;
+
+	private final Object interruptLock = new Object();
+
+	@GuardedBy("interruptLock")
+	@Nullable
+	private SyncSession outgoingSession = null;
+	@GuardedBy("interruptLock")
+	private boolean interruptWaiting = false;
+
+	@Override
+	public void interruptOutgoingSession() {
+		SyncSession out = null;
+		synchronized (interruptLock) {
+			if (outgoingSession == null) interruptWaiting = true;
+			else out = outgoingSession;
+		}
+		if (out != null) out.interrupt();
+	}
+
+	void setOutgoingSession(SyncSession outgoingSession) {
+		boolean interruptWasWaiting = false;
+		synchronized (interruptLock) {
+			this.outgoingSession = outgoingSession;
+			if (interruptWaiting) {
+				interruptWasWaiting = true;
+				interruptWaiting = false;
+			}
+		}
+		if (interruptWasWaiting) outgoingSession.interrupt();
+	}
+
+	DuplexSyncConnection(KeyManager keyManager,
+			ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			SyncSessionFactory syncSessionFactory,
+			TransportPropertyManager transportPropertyManager,
+			Executor ioExecutor, TransportId transportId,
+			DuplexTransportConnection connection) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory, syncSessionFactory,
+				transportPropertyManager);
+		this.ioExecutor = ioExecutor;
+		this.transportId = transportId;
+		reader = connection.getReader();
+		writer = connection.getWriter();
+		remote = connection.getRemoteProperties();
+	}
+
+	void onReadError(boolean recognised) {
+		disposeOnError(reader, recognised);
+		disposeOnError(writer);
+		interruptOutgoingSession();
+	}
+
+	void onWriteError() {
+		disposeOnError(reader, true);
+		disposeOnError(writer);
+	}
+
+	SyncSession createDuplexOutgoingSession(StreamContext ctx,
+			TransportConnectionWriter w, @Nullable Priority priority)
+			throws IOException {
+		StreamWriter streamWriter = streamWriterFactory.createStreamWriter(
+				w.getOutputStream(), ctx);
+		ContactId c = requireNonNull(ctx.getContactId());
+		return syncSessionFactory.createDuplexOutgoingSession(c,
+				ctx.getTransportId(), w.getMaxLatency(), w.getMaxIdleTime(),
+				streamWriter, priority);
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/HandshakeConnection.java

@@ -0,0 +1,72 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionManager;
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.ContactExchangeManager;
+import org.briarproject.bramble.api.contact.HandshakeManager;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportConnectionReader;
+import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import javax.annotation.Nullable;
+
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+abstract class HandshakeConnection extends Connection {
+
+	final HandshakeManager handshakeManager;
+	final ContactExchangeManager contactExchangeManager;
+	final ConnectionManager connectionManager;
+	final PendingContactId pendingContactId;
+	final TransportId transportId;
+	final DuplexTransportConnection connection;
+	final TransportConnectionReader reader;
+	final TransportConnectionWriter writer;
+
+	HandshakeConnection(KeyManager keyManager,
+			ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			HandshakeManager handshakeManager,
+			ContactExchangeManager contactExchangeManager,
+			ConnectionManager connectionManager,
+			PendingContactId pendingContactId,
+			TransportId transportId, DuplexTransportConnection connection) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory);
+		this.handshakeManager = handshakeManager;
+		this.contactExchangeManager = contactExchangeManager;
+		this.connectionManager = connectionManager;
+		this.pendingContactId = pendingContactId;
+		this.transportId = transportId;
+		this.connection = connection;
+		reader = connection.getReader();
+		writer = connection.getWriter();
+	}
+
+	@Nullable
+	StreamContext allocateStreamContext(PendingContactId pendingContactId,
+			TransportId transportId) {
+		try {
+			return keyManager.getStreamContext(pendingContactId, transportId);
+		} catch (DbException e) {
+			logException(LOG, WARNING, e);
+			return null;
+		}
+	}
+
+	void onError(boolean recognised) {
+		disposeOnError(reader, recognised);
+		disposeOnError(writer);
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/IncomingDuplexSyncConnection.java

@@ -0,0 +1,107 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.properties.TransportPropertyManager;
+import org.briarproject.bramble.api.sync.PriorityHandler;
+import org.briarproject.bramble.api.sync.SyncSession;
+import org.briarproject.bramble.api.sync.SyncSessionFactory;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+import java.util.concurrent.Executor;
+
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+class IncomingDuplexSyncConnection extends DuplexSyncConnection
+		implements Runnable {
+
+	IncomingDuplexSyncConnection(KeyManager keyManager,
+			ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			SyncSessionFactory syncSessionFactory,
+			TransportPropertyManager transportPropertyManager,
+			Executor ioExecutor, TransportId transportId,
+			DuplexTransportConnection connection) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory, syncSessionFactory,
+				transportPropertyManager, ioExecutor, transportId, connection);
+	}
+
+	@Override
+	public void run() {
+		// Read and recognise the tag
+		StreamContext ctx = recogniseTag(reader, transportId);
+		if (ctx == null) {
+			LOG.info("Unrecognised tag");
+			onReadError(false);
+			return;
+		}
+		ContactId contactId = ctx.getContactId();
+		if (contactId == null) {
+			LOG.warning("Expected contact tag, got rendezvous tag");
+			onReadError(true);
+			return;
+		}
+		if (ctx.isHandshakeMode()) {
+			// TODO: Support handshake mode for contacts
+			LOG.warning("Received handshake tag, expected rotation mode");
+			onReadError(true);
+			return;
+		}
+		connectionRegistry.registerIncomingConnection(contactId, transportId,
+				this);
+		// Start the outgoing session on another thread
+		ioExecutor.execute(() -> runOutgoingSession(contactId));
+		try {
+			// Store any transport properties discovered from the connection
+			transportPropertyManager.addRemotePropertiesFromConnection(
+					contactId, transportId, remote);
+			// Update the connection registry when we receive our priority
+			PriorityHandler handler = p -> connectionRegistry.setPriority(
+					contactId, transportId, this, p);
+			// Create and run the incoming session
+			createIncomingSession(ctx, reader, handler).run();
+			reader.dispose(false, true);
+			interruptOutgoingSession();
+			connectionRegistry.unregisterConnection(contactId, transportId,
+					this, true, false);
+		} catch (DbException | IOException e) {
+			logException(LOG, WARNING, e);
+			onReadError(true);
+			connectionRegistry.unregisterConnection(contactId, transportId,
+					this, true, true);
+		}
+	}
+
+	private void runOutgoingSession(ContactId contactId) {
+		// Allocate a stream context
+		StreamContext ctx = allocateStreamContext(contactId, transportId);
+		if (ctx == null) {
+			LOG.warning("Could not allocate stream context");
+			onWriteError();
+			return;
+		}
+		try {
+			// Create and run the outgoing session
+			SyncSession out = createDuplexOutgoingSession(ctx, writer, null);
+			setOutgoingSession(out);
+			out.run();
+			writer.dispose(false);
+		} catch (IOException e) {
+			logException(LOG, WARNING, e);
+			onWriteError();
+		}
+	}
+}
+

bramble-core/src/main/java/org/briarproject/bramble/connection/IncomingHandshakeConnection.java

@@ -0,0 +1,93 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionManager;
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.ContactExchangeManager;
+import org.briarproject.bramble.api.contact.HandshakeManager;
+import org.briarproject.bramble.api.contact.HandshakeManager.HandshakeResult;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriter;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+class IncomingHandshakeConnection extends HandshakeConnection
+		implements Runnable {
+
+	IncomingHandshakeConnection(KeyManager keyManager,
+			ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			HandshakeManager handshakeManager,
+			ContactExchangeManager contactExchangeManager,
+			ConnectionManager connectionManager,
+			PendingContactId pendingContactId,
+			TransportId transportId, DuplexTransportConnection connection) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory, handshakeManager, contactExchangeManager,
+				connectionManager, pendingContactId, transportId, connection);
+	}
+
+	@Override
+	public void run() {
+		// Read and recognise the tag
+		StreamContext ctxIn = recogniseTag(reader, transportId);
+		if (ctxIn == null) {
+			LOG.info("Unrecognised tag");
+			onError(false);
+			return;
+		}
+		PendingContactId inPendingContactId = ctxIn.getPendingContactId();
+		if (inPendingContactId == null) {
+			LOG.warning("Expected rendezvous tag, got contact tag");
+			onError(true);
+			return;
+		}
+		// Allocate the outgoing stream context
+		StreamContext ctxOut =
+				allocateStreamContext(pendingContactId, transportId);
+		if (ctxOut == null) {
+			LOG.warning("Could not allocate stream context");
+			onError(true);
+			return;
+		}
+		// Close the connection if it's redundant
+		if (!connectionRegistry.registerConnection(pendingContactId)) {
+			LOG.info("Redundant rendezvous connection");
+			onError(true);
+			return;
+		}
+		// Handshake and exchange contacts
+		try {
+			InputStream in = streamReaderFactory.createStreamReader(
+					reader.getInputStream(), ctxIn);
+			// Flush the output stream to send the outgoing stream header
+			StreamWriter out = streamWriterFactory.createStreamWriter(
+					writer.getOutputStream(), ctxOut);
+			out.getOutputStream().flush();
+			HandshakeResult result =
+					handshakeManager.handshake(pendingContactId, in, out);
+			contactExchangeManager.exchangeContacts(pendingContactId,
+					connection, result.getMasterKey(), result.isAlice(), false);
+			connectionRegistry.unregisterConnection(pendingContactId, true);
+			// Reuse the connection as a transport connection
+			connectionManager.manageIncomingConnection(transportId, connection);
+		} catch (IOException | DbException e) {
+			logException(LOG, WARNING, e);
+			onError(true);
+			connectionRegistry.unregisterConnection(pendingContactId, false);
+		}
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/IncomingSimplexSyncConnection.java

@@ -0,0 +1,79 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportConnectionReader;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.properties.TransportPropertyManager;
+import org.briarproject.bramble.api.sync.PriorityHandler;
+import org.briarproject.bramble.api.sync.SyncSessionFactory;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+class IncomingSimplexSyncConnection extends SyncConnection implements Runnable {
+
+	private final TransportId transportId;
+	private final TransportConnectionReader reader;
+
+	IncomingSimplexSyncConnection(KeyManager keyManager,
+			ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			SyncSessionFactory syncSessionFactory,
+			TransportPropertyManager transportPropertyManager,
+			TransportId transportId, TransportConnectionReader reader) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory, syncSessionFactory,
+				transportPropertyManager);
+		this.transportId = transportId;
+		this.reader = reader;
+	}
+
+	@Override
+	public void run() {
+		// Read and recognise the tag
+		StreamContext ctx = recogniseTag(reader, transportId);
+		if (ctx == null) {
+			LOG.info("Unrecognised tag");
+			onError(false);
+			return;
+		}
+		ContactId contactId = ctx.getContactId();
+		if (contactId == null) {
+			LOG.warning("Received rendezvous stream, expected contact");
+			onError(true);
+			return;
+		}
+		if (ctx.isHandshakeMode()) {
+			// TODO: Support handshake mode for contacts
+			LOG.warning("Received handshake tag, expected rotation mode");
+			onError(true);
+			return;
+		}
+		try {
+			// We don't expect to receive a priority for this connection
+			PriorityHandler handler = p ->
+					LOG.info("Ignoring priority for simplex connection");
+			// Create and run the incoming session
+			createIncomingSession(ctx, reader, handler).run();
+			reader.dispose(false, true);
+		} catch (IOException e) {
+			logException(LOG, WARNING, e);
+			onError(true);
+		}
+	}
+
+	private void onError(boolean recognised) {
+		disposeOnError(reader, recognised);
+	}
+}
+

bramble-core/src/main/java/org/briarproject/bramble/connection/OutgoingDuplexSyncConnection.java

@@ -0,0 +1,140 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.properties.TransportPropertyManager;
+import org.briarproject.bramble.api.sync.Priority;
+import org.briarproject.bramble.api.sync.PriorityHandler;
+import org.briarproject.bramble.api.sync.SyncSession;
+import org.briarproject.bramble.api.sync.SyncSessionFactory;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+import java.security.SecureRandom;
+import java.util.concurrent.Executor;
+
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.api.sync.SyncConstants.PRIORITY_NONCE_BYTES;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+class OutgoingDuplexSyncConnection extends DuplexSyncConnection
+		implements Runnable {
+
+	private final SecureRandom secureRandom;
+	private final ContactId contactId;
+
+	OutgoingDuplexSyncConnection(KeyManager keyManager,
+			ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			SyncSessionFactory syncSessionFactory,
+			TransportPropertyManager transportPropertyManager,
+			Executor ioExecutor, SecureRandom secureRandom, ContactId contactId,
+			TransportId transportId, DuplexTransportConnection connection) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory, syncSessionFactory,
+				transportPropertyManager, ioExecutor, transportId, connection);
+		this.secureRandom = secureRandom;
+		this.contactId = contactId;
+	}
+
+	@Override
+	public void run() {
+		// Allocate a stream context
+		StreamContext ctx = allocateStreamContext(contactId, transportId);
+		if (ctx == null) {
+			LOG.warning("Could not allocate stream context");
+			onWriteError();
+			return;
+		}
+		if (ctx.isHandshakeMode()) {
+			// TODO: Support handshake mode for contacts
+			LOG.warning("Cannot use handshake mode stream context");
+			onWriteError();
+			return;
+		}
+		// Start the incoming session on another thread
+		Priority priority = generatePriority();
+		ioExecutor.execute(() -> runIncomingSession(priority));
+		try {
+			// Create and run the outgoing session
+			SyncSession out =
+					createDuplexOutgoingSession(ctx, writer, priority);
+			setOutgoingSession(out);
+			out.run();
+			writer.dispose(false);
+		} catch (IOException e) {
+			logException(LOG, WARNING, e);
+			onWriteError();
+		}
+	}
+
+	private void runIncomingSession(Priority priority) {
+		// Read and recognise the tag
+		StreamContext ctx = recogniseTag(reader, transportId);
+		// Unrecognised tags are suspicious in this case
+		if (ctx == null) {
+			LOG.warning("Unrecognised tag for returning stream");
+			onReadError();
+			return;
+		}
+		// Check that the stream comes from the expected contact
+		ContactId inContactId = ctx.getContactId();
+		if (inContactId == null) {
+			LOG.warning("Expected contact tag, got rendezvous tag");
+			onReadError();
+			return;
+		}
+		if (!contactId.equals(inContactId)) {
+			LOG.warning("Wrong contact ID for returning stream");
+			onReadError();
+			return;
+		}
+		if (ctx.isHandshakeMode()) {
+			// TODO: Support handshake mode for contacts
+			LOG.warning("Received handshake tag, expected rotation mode");
+			onReadError();
+			return;
+		}
+		connectionRegistry.registerOutgoingConnection(contactId, transportId,
+				this, priority);
+		try {
+			// Store any transport properties discovered from the connection
+			transportPropertyManager.addRemotePropertiesFromConnection(
+					contactId, transportId, remote);
+			// We don't expect to receive a priority for this connection
+			PriorityHandler handler = p ->
+					LOG.info("Ignoring priority for outgoing connection");
+			// Create and run the incoming session
+			createIncomingSession(ctx, reader, handler).run();
+			reader.dispose(false, true);
+			interruptOutgoingSession();
+			connectionRegistry.unregisterConnection(contactId, transportId,
+					this, false, false);
+		} catch (DbException | IOException e) {
+			logException(LOG, WARNING, e);
+			onReadError();
+			connectionRegistry.unregisterConnection(contactId, transportId,
+					this, false, true);
+		}
+	}
+
+	private void onReadError() {
+		// 'Recognised' is always true for outgoing connections
+		onReadError(true);
+	}
+
+	private Priority generatePriority() {
+		byte[] nonce = new byte[PRIORITY_NONCE_BYTES];
+		secureRandom.nextBytes(nonce);
+		return new Priority(nonce);
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/OutgoingHandshakeConnection.java

@@ -0,0 +1,115 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionManager;
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.Contact;
+import org.briarproject.bramble.api.contact.ContactExchangeManager;
+import org.briarproject.bramble.api.contact.HandshakeManager;
+import org.briarproject.bramble.api.contact.HandshakeManager.HandshakeResult;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriter;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+class OutgoingHandshakeConnection extends HandshakeConnection
+		implements Runnable {
+
+	OutgoingHandshakeConnection(KeyManager keyManager,
+			ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			HandshakeManager handshakeManager,
+			ContactExchangeManager contactExchangeManager,
+			ConnectionManager connectionManager,
+			PendingContactId pendingContactId,
+			TransportId transportId, DuplexTransportConnection connection) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory, handshakeManager, contactExchangeManager,
+				connectionManager, pendingContactId, transportId, connection);
+	}
+
+	@Override
+	public void run() {
+		// Allocate the outgoing stream context
+		StreamContext ctxOut =
+				allocateStreamContext(pendingContactId, transportId);
+		if (ctxOut == null) {
+			LOG.warning("Could not allocate stream context");
+			onError();
+			return;
+		}
+		// Flush the output stream to send the outgoing stream header
+		StreamWriter out;
+		try {
+			out = streamWriterFactory.createStreamWriter(
+					writer.getOutputStream(), ctxOut);
+			out.getOutputStream().flush();
+		} catch (IOException e) {
+			logException(LOG, WARNING, e);
+			onError();
+			return;
+		}
+		// Read and recognise the tag
+		StreamContext ctxIn = recogniseTag(reader, transportId);
+		// Unrecognised tags are suspicious in this case
+		if (ctxIn == null) {
+			LOG.warning("Unrecognised tag for returning stream");
+			onError();
+			return;
+		}
+		// Check that the stream comes from the expected pending contact
+		PendingContactId inPendingContactId = ctxIn.getPendingContactId();
+		if (inPendingContactId == null) {
+			LOG.warning("Expected rendezvous tag, got contact tag");
+			onError();
+			return;
+		}
+		if (!inPendingContactId.equals(pendingContactId)) {
+			LOG.warning("Wrong pending contact ID for returning stream");
+			onError();
+			return;
+		}
+		// Close the connection if it's redundant
+		if (!connectionRegistry.registerConnection(pendingContactId)) {
+			LOG.info("Redundant rendezvous connection");
+			onError();
+			return;
+		}
+		// Handshake and exchange contacts
+		try {
+			InputStream in = streamReaderFactory.createStreamReader(
+					reader.getInputStream(), ctxIn);
+			HandshakeResult result =
+					handshakeManager.handshake(pendingContactId, in, out);
+			Contact contact = contactExchangeManager.exchangeContacts(
+					pendingContactId, connection, result.getMasterKey(),
+					result.isAlice(), false);
+			connectionRegistry.unregisterConnection(pendingContactId, true);
+			// Reuse the connection as a transport connection
+			connectionManager.manageOutgoingConnection(contact.getId(),
+					transportId, connection);
+		} catch (IOException | DbException e) {
+			logException(LOG, WARNING, e);
+			onError();
+			connectionRegistry.unregisterConnection(pendingContactId, false);
+		}
+	}
+
+	private void onError() {
+		// 'Recognised' is always true for outgoing connections
+		onError(true);
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/OutgoingSimplexSyncConnection.java

@@ -0,0 +1,78 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.properties.TransportPropertyManager;
+import org.briarproject.bramble.api.sync.SyncSession;
+import org.briarproject.bramble.api.sync.SyncSessionFactory;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriter;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+class OutgoingSimplexSyncConnection extends SyncConnection implements Runnable {
+
+	private final ContactId contactId;
+	private final TransportId transportId;
+	private final TransportConnectionWriter writer;
+
+	OutgoingSimplexSyncConnection(KeyManager keyManager,
+			ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			SyncSessionFactory syncSessionFactory,
+			TransportPropertyManager transportPropertyManager,
+			ContactId contactId, TransportId transportId,
+			TransportConnectionWriter writer) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory, syncSessionFactory,
+				transportPropertyManager);
+		this.contactId = contactId;
+		this.transportId = transportId;
+		this.writer = writer;
+	}
+
+	@Override
+	public void run() {
+		// Allocate a stream context
+		StreamContext ctx = allocateStreamContext(contactId, transportId);
+		if (ctx == null) {
+			LOG.warning("Could not allocate stream context");
+			onError();
+			return;
+		}
+		try {
+			// Create and run the outgoing session
+			createSimplexOutgoingSession(ctx, writer).run();
+			writer.dispose(false);
+		} catch (IOException e) {
+			logException(LOG, WARNING, e);
+			onError();
+		}
+	}
+
+	private void onError() {
+		disposeOnError(writer);
+	}
+
+	private SyncSession createSimplexOutgoingSession(StreamContext ctx,
+			TransportConnectionWriter w) throws IOException {
+		StreamWriter streamWriter = streamWriterFactory.createStreamWriter(
+				w.getOutputStream(), ctx);
+		ContactId c = requireNonNull(ctx.getContactId());
+		return syncSessionFactory.createSimplexOutgoingSession(c,
+				ctx.getTransportId(), w.getMaxLatency(), streamWriter);
+	}
+}
+

bramble-core/src/main/java/org/briarproject/bramble/connection/SyncConnection.java

@@ -0,0 +1,64 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportConnectionReader;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.properties.TransportPropertyManager;
+import org.briarproject.bramble.api.sync.PriorityHandler;
+import org.briarproject.bramble.api.sync.SyncSession;
+import org.briarproject.bramble.api.sync.SyncSessionFactory;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import javax.annotation.Nullable;
+
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+class SyncConnection extends Connection {
+
+	final SyncSessionFactory syncSessionFactory;
+	final TransportPropertyManager transportPropertyManager;
+
+	SyncConnection(KeyManager keyManager, ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			SyncSessionFactory syncSessionFactory,
+			TransportPropertyManager transportPropertyManager) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory);
+		this.syncSessionFactory = syncSessionFactory;
+		this.transportPropertyManager = transportPropertyManager;
+	}
+
+	@Nullable
+	StreamContext allocateStreamContext(ContactId contactId,
+			TransportId transportId) {
+		try {
+			return keyManager.getStreamContext(contactId, transportId);
+		} catch (DbException e) {
+			logException(LOG, WARNING, e);
+			return null;
+		}
+	}
+
+	SyncSession createIncomingSession(StreamContext ctx,
+			TransportConnectionReader r, PriorityHandler handler)
+			throws IOException {
+		InputStream streamReader = streamReaderFactory.createStreamReader(
+				r.getInputStream(), ctx);
+		ContactId c = requireNonNull(ctx.getContactId());
+		return syncSessionFactory
+				.createIncomingSession(c, streamReader, handler);
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java

@@ -7,6 +7,7 @@ import net.i2p.crypto.eddsa.KeyPairGenerator;
 import org.briarproject.bramble.api.crypto.AgreementPrivateKey;
 import org.briarproject.bramble.api.crypto.AgreementPublicKey;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
+import org.briarproject.bramble.api.crypto.DecryptionException;
 import org.briarproject.bramble.api.crypto.KeyPair;
 import org.briarproject.bramble.api.crypto.KeyParser;
 import org.briarproject.bramble.api.crypto.KeyStrengthener;
@@ -39,6 +40,9 @@ import static java.lang.System.arraycopy;
 import static java.util.logging.Level.INFO;
 import static org.briarproject.bramble.api.crypto.CryptoConstants.KEY_TYPE_AGREEMENT;
 import static org.briarproject.bramble.api.crypto.CryptoConstants.KEY_TYPE_SIGNATURE;
+import static org.briarproject.bramble.api.crypto.DecryptionResult.INVALID_CIPHERTEXT;
+import static org.briarproject.bramble.api.crypto.DecryptionResult.INVALID_PASSWORD;
+import static org.briarproject.bramble.api.crypto.DecryptionResult.KEY_STRENGTHENER_ERROR;
 import static org.briarproject.bramble.util.ByteUtils.INT_32_BYTES;
 import static org.briarproject.bramble.util.LogUtils.logDuration;
 import static org.briarproject.bramble.util.LogUtils.now;
@@ -359,16 +363,17 @@ class CryptoComponentImpl implements CryptoComponent {
 	}
 
 	@Override
-	@Nullable
 	public byte[] decryptWithPassword(byte[] input, String password,
-			@Nullable KeyStrengthener keyStrengthener) {
+			@Nullable KeyStrengthener keyStrengthener)
+			throws DecryptionException {
 		AuthenticatedCipher cipher = new XSalsa20Poly1305AuthenticatedCipher();
 		int macBytes = cipher.getMacBytes();
 		// The input contains the format version, salt, cost parameter, IV,
 		// ciphertext and MAC
 		if (input.length < 1 + PBKDF_SALT_BYTES + INT_32_BYTES
-				+ STORAGE_IV_BYTES + macBytes)
+				+ STORAGE_IV_BYTES + macBytes) {
-			return null; // Invalid input
+			throw new DecryptionException(INVALID_CIPHERTEXT);
+		}
 		int inputOff = 0;
 		// Format version
 		byte formatVersion = input[inputOff];
@@ -376,7 +381,7 @@ class CryptoComponentImpl implements CryptoComponent {
 		// Check whether we support this format version
 		if (formatVersion != PBKDF_FORMAT_SCRYPT &&
 				formatVersion != PBKDF_FORMAT_SCRYPT_STRENGTHENED) {
-			return null;
+			throw new DecryptionException(INVALID_CIPHERTEXT);
 		}
 		// Salt
 		byte[] salt = new byte[PBKDF_SALT_BYTES];
@@ -385,8 +390,9 @@ class CryptoComponentImpl implements CryptoComponent {
 		// Cost parameter
 		long cost = ByteUtils.readUint32(input, inputOff);
 		inputOff += INT_32_BYTES;
-		if (cost < 2 || cost > Integer.MAX_VALUE)
+		if (cost < 2 || cost > Integer.MAX_VALUE) {
-			return null; // Invalid cost parameter
+			throw new DecryptionException(INVALID_CIPHERTEXT);
+		}
 		// IV
 		byte[] iv = new byte[STORAGE_IV_BYTES];
 		arraycopy(input, inputOff, iv, 0, iv.length);
@@ -394,8 +400,10 @@ class CryptoComponentImpl implements CryptoComponent {
 		// Derive the decryption key from the password
 		SecretKey key = passwordBasedKdf.deriveKey(password, salt, (int) cost);
 		if (formatVersion == PBKDF_FORMAT_SCRYPT_STRENGTHENED) {
-			if (keyStrengthener == null || !keyStrengthener.isInitialised())
+			if (keyStrengthener == null || !keyStrengthener.isInitialised()) {
-				return null; // Can't derive the same strengthened key
+				// Can't derive the same strengthened key
+				throw new DecryptionException(KEY_STRENGTHENER_ERROR);
+			}
 			key = keyStrengthener.strengthenKey(key);
 		}
 		// Initialise the cipher
@@ -411,7 +419,7 @@ class CryptoComponentImpl implements CryptoComponent {
 			cipher.process(input, inputOff, inputLen, output, 0);
 			return output;
 		} catch (GeneralSecurityException e) {
-			return null; // Invalid ciphertext
+			throw new DecryptionException(INVALID_PASSWORD);
 		}
 	}