From fc786280fdd7187f1828a4c7fa4d719de902a374 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Mon, 26 Jan 2015 17:33:40 +0100
Subject: [PATCH] Fixes for detached signatures

---
 .../keychain/pgp/PgpSignEncrypt.java          | 35 ++++++++++++++-----
 .../keychain/remote/OpenPgpService.java       | 12 +++++--
 2 files changed, 36 insertions(+), 11 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncrypt.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncrypt.java
index 3c6c86338..5282deca4 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncrypt.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncrypt.java
@@ -428,6 +428,7 @@ public class PgpSignEncrypt extends BaseOperation {
         BCPGOutputStream bcpgOut;
 
         ByteArrayOutputStream detachedByteOut = null;
+        ArmoredOutputStream detachedArmorOut = null;
         BCPGOutputStream detachedBcpgOut = null;
 
         try {
@@ -535,7 +536,12 @@ public class PgpSignEncrypt extends BaseOperation {
                 detachedByteOut = new ByteArrayOutputStream();
                 OutputStream detachedOut = detachedByteOut;
                 if (mEnableAsciiArmorOutput) {
-                    detachedOut = new ArmoredOutputStream(detachedOut);
+                    detachedArmorOut = new ArmoredOutputStream(detachedOut);
+                    if (mVersionHeader != null) {
+                        detachedArmorOut.setHeader("Version", mVersionHeader);
+                    }
+
+                    detachedOut = detachedArmorOut;
                 }
                 detachedBcpgOut = new BCPGOutputStream(detachedOut);
 
@@ -614,27 +620,38 @@ public class PgpSignEncrypt extends BaseOperation {
                     // Note that the checked key here is the master key, not the signing key
                     // (although these are always the same on Yubikeys)
                     result.setNfcData(mSignatureSubKeyId, e.hashToSign, e.hashAlgo, e.creationTimestamp, mSignaturePassphrase);
-                    Log.d(Constants.TAG, "e.hashToSign"+ Hex.toHexString(e.hashToSign));
+                    Log.d(Constants.TAG, "e.hashToSign" + Hex.toHexString(e.hashToSign));
                     return result;
                 }
             }
 
             // closing outputs
             // NOTE: closing needs to be done in the correct order!
-            // TODO: closing bcpgOut and pOut???
-            if (enableEncryption) {
-                if (enableCompression) {
+            if (encryptionOut != null) {
+                if (compressGen != null) {
                     compressGen.close();
                 }
 
                 encryptionOut.close();
             }
-            if (mEnableAsciiArmorOutput) {
+            // Note: Closing ArmoredOutputStream does not close the underlying stream
+            if (armorOut != null) {
                 armorOut.close();
             }
-
-            out.close();
-            mOutStream.close();
+            // Note: Closing ArmoredOutputStream does not close the underlying stream
+            if (detachedArmorOut != null) {
+                detachedArmorOut.close();
+            }
+            // Also closes detachedBcpgOut
+            if (detachedByteOut != null) {
+                detachedByteOut.close();
+            }
+            if (out != null) {
+                out.close();
+            }
+            if (mOutStream != null) {
+                mOutStream.close();
+            }
 
         } catch (SignatureException e) {
             log.add(LogType.MSG_SE_ERROR_SIG, indent);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
index f2af43b6f..6c36e1ab8 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
@@ -244,7 +244,12 @@ public class OpenPgpService extends RemoteService {
 
             // Get Input- and OutputStream from ParcelFileDescriptor
             InputStream is = new ParcelFileDescriptor.AutoCloseInputStream(input);
-            OutputStream os = new ParcelFileDescriptor.AutoCloseOutputStream(output);
+            OutputStream os = null;
+            if (cleartextSign) {
+                // output stream only needed for cleartext signatures,
+                // detached signatures are returned as extra
+                os = new ParcelFileDescriptor.AutoCloseOutputStream(output);
+            }
             try {
                 long inputLength = is.available();
                 InputData inputData = new InputData(is, inputLength);
@@ -325,7 +330,9 @@ public class OpenPgpService extends RemoteService {
                 }
             } finally {
                 is.close();
-                os.close();
+                if (os != null) {
+                    os.close();
+                }
             }
         } catch (Exception e) {
             Log.d(Constants.TAG, "signImpl", e);
@@ -720,6 +727,7 @@ public class OpenPgpService extends RemoteService {
                 return signImpl(data, input, output, accSettings, true);
             } else if (OpenPgpApi.ACTION_SIGN.equals(action)) {
                 // DEPRECATED: same as ACTION_CLEARTEXT_SIGN
+                Log.w(Constants.TAG, "You are using a deprecated API call, please use ACTION_CLEARTEXT_SIGN instead of ACTION_SIGN!");
                 return signImpl(data, input, output, accSettings, true);
             } else if (OpenPgpApi.ACTION_DETACHED_SIGN.equals(action)) {
                 return signImpl(data, input, output, accSettings, false);