diff options
author | Keith Zantow <kzantow@gmail.com> | 2022-10-07 15:36:32 -0400 |
---|---|---|
committer | Keith Zantow <kzantow@gmail.com> | 2022-10-07 15:36:32 -0400 |
commit | b57c493f0652477bf3764be7273eab6ff11d1eb1 (patch) | |
tree | 2ce0bc41c7f9b6c9a40715565c49c1cbf190716d /utils/verification.go | |
parent | be2eb824595afe28c87c9a33c2da565480d1eb54 (diff) | |
download | spdx-tools-b57c493f0652477bf3764be7273eab6ff11d1eb1.tar.gz |
chore: add builder and verification functions for 2.3
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Diffstat (limited to 'utils/verification.go')
-rw-r--r-- | utils/verification.go | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/utils/verification.go b/utils/verification.go index bd6c875..72523b3 100644 --- a/utils/verification.go +++ b/utils/verification.go @@ -12,6 +12,7 @@ import ( "github.com/spdx/tools-golang/spdx/common" "github.com/spdx/tools-golang/spdx/v2_1" "github.com/spdx/tools-golang/spdx/v2_2" + "github.com/spdx/tools-golang/spdx/v2_3" ) // GetVerificationCode2_1 takes a slice of files and an optional filename @@ -91,3 +92,42 @@ func GetVerificationCode2_2(files []*v2_2.File, excludeFile string) (common.Pack return code, nil } + +// GetVerificationCode2_3 takes a slice of files and an optional filename +// for an "excludes" file, and returns a Package Verification Code calculated +// according to SPDX spec version 2.3, section 3.9.4. +func GetVerificationCode2_3(files []*v2_3.File, excludeFile string) (common.PackageVerificationCode, error) { + // create slice of strings - unsorted SHA1s for all files + shas := []string{} + for i, f := range files { + if f == nil { + return common.PackageVerificationCode{}, fmt.Errorf("got nil file for identifier %v", i) + } + if f.FileName != excludeFile { + // find the SHA1 hash, if present + for _, checksum := range f.Checksums { + if checksum.Algorithm == common.SHA1 { + shas = append(shas, checksum.Value) + } + } + } + } + + // sort the strings + sort.Strings(shas) + + // concatenate them into one string, with no trailing separators + shasConcat := strings.Join(shas, "") + + // and get its SHA1 value + hsha1 := sha1.New() + hsha1.Write([]byte(shasConcat)) + bs := hsha1.Sum(nil) + + code := common.PackageVerificationCode{ + Value: fmt.Sprintf("%x", bs), + ExcludedFiles: []string{excludeFile}, + } + + return code, nil +} |