chore: add builder and verification functions for 2.3

Signed-off-by: Keith Zantow <kzantow@gmail.com>

1 files changed, 40 insertions, 0 deletions

diff --git a/utils/verification.go b/utils/verification.go
index bd6c875..72523b3 100644
--- a/utils/verification.go
+++ b/utils/verification.go
@@ -12,6 +12,7 @@ import (
 	"github.com/spdx/tools-golang/spdx/common"
 	"github.com/spdx/tools-golang/spdx/v2_1"
 	"github.com/spdx/tools-golang/spdx/v2_2"
+	"github.com/spdx/tools-golang/spdx/v2_3"
 )
 
 // GetVerificationCode2_1 takes a slice of files and an optional filename
@@ -91,3 +92,42 @@ func GetVerificationCode2_2(files []*v2_2.File, excludeFile string) (common.Pack
 
 	return code, nil
 }
+
+// GetVerificationCode2_3 takes a slice of files and an optional filename
+// for an "excludes" file, and returns a Package Verification Code calculated
+// according to SPDX spec version 2.3, section 3.9.4.
+func GetVerificationCode2_3(files []*v2_3.File, excludeFile string) (common.PackageVerificationCode, error) {
+	// create slice of strings - unsorted SHA1s for all files
+	shas := []string{}
+	for i, f := range files {
+		if f == nil {
+			return common.PackageVerificationCode{}, fmt.Errorf("got nil file for identifier %v", i)
+		}
+		if f.FileName != excludeFile {
+			// find the SHA1 hash, if present
+			for _, checksum := range f.Checksums {
+				if checksum.Algorithm == common.SHA1 {
+					shas = append(shas, checksum.Value)
+				}
+			}
+		}
+	}
+
+	// sort the strings
+	sort.Strings(shas)
+
+	// concatenate them into one string, with no trailing separators
+	shasConcat := strings.Join(shas, "")
+
+	// and get its SHA1 value
+	hsha1 := sha1.New()
+	hsha1.Write([]byte(shasConcat))
+	bs := hsha1.Sum(nil)
+
+	code := common.PackageVerificationCode{
+		Value:         fmt.Sprintf("%x", bs),
+		ExcludedFiles: []string{excludeFile},
+	}
+
+	return code, nil
+}