2 files changed, 136 insertions, 1 deletions

diff --git a/utils/verification.go b/utils/verification.go
index 09907e6..2d55e16 100644
--- a/utils/verification.go
+++ b/utils/verification.go
@@ -41,3 +41,33 @@ func GetVerificationCode2_1(files map[spdx.ElementID]*spdx.File2_1, excludeFile
 
 	return code, nil
 }
+
+// GetVerificationCode2_2 takes a slice of files and an optional filename
+// for an "excludes" file, and returns a Package Verification Code calculated
+// according to SPDX spec version 2.2, section 3.9.4.
+func GetVerificationCode2_2(files map[spdx.ElementID]*spdx.File2_2, excludeFile string) (string, error) {
+	// create slice of strings - unsorted SHA1s for all files
+	shas := []string{}
+	for i, f := range files {
+		if f == nil {
+			return "", fmt.Errorf("got nil file for identifier %v", i)
+		}
+		if f.FileName != excludeFile {
+			shas = append(shas, f.FileChecksumSHA1)
+		}
+	}
+
+	// sort the strings
+	sort.Strings(shas)
+
+	// concatenate them into one string, with no trailing separators
+	shasConcat := strings.Join(shas, "")
+
+	// and get its SHA1 value
+	hsha1 := sha1.New()
+	hsha1.Write([]byte(shasConcat))
+	bs := hsha1.Sum(nil)
+	code := fmt.Sprintf("%x", bs)
+
+	return code, nil
+}
diff --git a/utils/verification_test.go b/utils/verification_test.go
index 5dd807c..7f95d3c 100644
--- a/utils/verification_test.go
+++ b/utils/verification_test.go
@@ -8,7 +8,7 @@ import (
 	"github.com/spdx/tools-golang/spdx"
 )
 
-// ===== Verification code functionality tests =====
+// ===== 2.1 Verification code functionality tests =====
 
 func TestPackage2_1CanGetVerificationCode(t *testing.T) {
 	files := map[spdx.ElementID]*spdx.File2_1{
@@ -112,3 +112,108 @@ func TestPackage2_1GetVerificationCodeFailsIfNilFileInSlice(t *testing.T) {
 		t.Fatalf("expected non-nil error, got nil")
 	}
 }
+
+// ===== 2.2 Verification code functionality tests =====
+
+func TestPackage2_2CanGetVerificationCode(t *testing.T) {
+	files := map[spdx.ElementID]*spdx.File2_2{
+		"File0": &spdx.File2_2{
+			FileName:           "file2.txt",
+			FileSPDXIdentifier: "File0",
+			FileChecksumSHA1:   "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd",
+		},
+		"File1": &spdx.File2_2{
+			FileName:           "file1.txt",
+			FileSPDXIdentifier: "File1",
+			FileChecksumSHA1:   "3333333333bbbbbbbbbbccccccccccdddddddddd",
+		},
+		"File2": &spdx.File2_2{
+			FileName:           "file3.txt",
+			FileSPDXIdentifier: "File2",
+			FileChecksumSHA1:   "8888888888bbbbbbbbbbccccccccccdddddddddd",
+		},
+		"File3": &spdx.File2_2{
+			FileName:           "file5.txt",
+			FileSPDXIdentifier: "File3",
+			FileChecksumSHA1:   "2222222222bbbbbbbbbbccccccccccdddddddddd",
+		},
+		"File4": &spdx.File2_2{
+			FileName:           "file4.txt",
+			FileSPDXIdentifier: "File4",
+			FileChecksumSHA1:   "bbbbbbbbbbccccccccccddddddddddaaaaaaaaaa",
+		},
+	}
+
+	wantCode := "ac924b375119c81c1f08c3e2722044bfbbdcd3dc"
+
+	gotCode, err := GetVerificationCode2_2(files, "")
+	if err != nil {
+		t.Fatalf("expected nil error, got %v", err)
+	}
+	if wantCode != gotCode {
+		t.Errorf("expected %v, got %v", wantCode, gotCode)
+	}
+
+}
+
+func TestPackage2_2CanGetVerificationCodeIgnoringExcludesFile(t *testing.T) {
+	files := map[spdx.ElementID]*spdx.File2_2{
+		spdx.ElementID("File0"): &spdx.File2_2{
+			FileName:           "file1.txt",
+			FileSPDXIdentifier: "File0",
+			FileChecksumSHA1:   "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd",
+		},
+		spdx.ElementID("File1"): &spdx.File2_2{
+			FileName:           "file2.txt",
+			FileSPDXIdentifier: "File1",
+			FileChecksumSHA1:   "3333333333bbbbbbbbbbccccccccccdddddddddd",
+		},
+		spdx.ElementID("File2"): &spdx.File2_2{
+			FileName:           "thisfile.spdx",
+			FileSPDXIdentifier: "File2",
+			FileChecksumSHA1:   "bbbbbbbbbbccccccccccddddddddddaaaaaaaaaa",
+		},
+		spdx.ElementID("File3"): &spdx.File2_2{
+			FileName:           "file3.txt",
+			FileSPDXIdentifier: "File3",
+			FileChecksumSHA1:   "8888888888bbbbbbbbbbccccccccccdddddddddd",
+		},
+		spdx.ElementID("File4"): &spdx.File2_2{
+			FileName:           "file4.txt",
+			FileSPDXIdentifier: "File4",
+			FileChecksumSHA1:   "2222222222bbbbbbbbbbccccccccccdddddddddd",
+		},
+	}
+
+	wantCode := "17fab1bd18fe5c13b5d3983f1c17e5f88b8ff266"
+
+	gotCode, err := GetVerificationCode2_2(files, "thisfile.spdx")
+	if err != nil {
+		t.Fatalf("expected nil error, got %v", err)
+	}
+	if wantCode != gotCode {
+		t.Errorf("expected %v, got %v", wantCode, gotCode)
+	}
+
+}
+
+func TestPackage2_2GetVerificationCodeFailsIfNilFileInSlice(t *testing.T) {
+	files := map[spdx.ElementID]*spdx.File2_2{
+		spdx.ElementID("File0"): &spdx.File2_2{
+			FileName:           "file2.txt",
+			FileSPDXIdentifier: "File0",
+			FileChecksumSHA1:   "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd",
+		},
+		spdx.ElementID("File1"): nil,
+		spdx.ElementID("File2"): &spdx.File2_2{
+			FileName:           "file3.txt",
+			FileSPDXIdentifier: "File2",
+			FileChecksumSHA1:   "8888888888bbbbbbbbbbccccccccccdddddddddd",
+		},
+	}
+
+	_, err := GetVerificationCode2_2(files, "")
+	if err == nil {
+		t.Fatalf("expected non-nil error, got nil")
+	}
+}