diff options
Diffstat (limited to 'utils')
-rw-r--r-- | utils/verification.go | 40 | ||||
-rw-r--r-- | utils/verification_test.go | 165 |
2 files changed, 205 insertions, 0 deletions
diff --git a/utils/verification.go b/utils/verification.go index bd6c875..72523b3 100644 --- a/utils/verification.go +++ b/utils/verification.go @@ -12,6 +12,7 @@ import ( "github.com/spdx/tools-golang/spdx/common" "github.com/spdx/tools-golang/spdx/v2_1" "github.com/spdx/tools-golang/spdx/v2_2" + "github.com/spdx/tools-golang/spdx/v2_3" ) // GetVerificationCode2_1 takes a slice of files and an optional filename @@ -91,3 +92,42 @@ func GetVerificationCode2_2(files []*v2_2.File, excludeFile string) (common.Pack return code, nil } + +// GetVerificationCode2_3 takes a slice of files and an optional filename +// for an "excludes" file, and returns a Package Verification Code calculated +// according to SPDX spec version 2.3, section 3.9.4. +func GetVerificationCode2_3(files []*v2_3.File, excludeFile string) (common.PackageVerificationCode, error) { + // create slice of strings - unsorted SHA1s for all files + shas := []string{} + for i, f := range files { + if f == nil { + return common.PackageVerificationCode{}, fmt.Errorf("got nil file for identifier %v", i) + } + if f.FileName != excludeFile { + // find the SHA1 hash, if present + for _, checksum := range f.Checksums { + if checksum.Algorithm == common.SHA1 { + shas = append(shas, checksum.Value) + } + } + } + } + + // sort the strings + sort.Strings(shas) + + // concatenate them into one string, with no trailing separators + shasConcat := strings.Join(shas, "") + + // and get its SHA1 value + hsha1 := sha1.New() + hsha1.Write([]byte(shasConcat)) + bs := hsha1.Sum(nil) + + code := common.PackageVerificationCode{ + Value: fmt.Sprintf("%x", bs), + ExcludedFiles: []string{excludeFile}, + } + + return code, nil +} diff --git a/utils/verification_test.go b/utils/verification_test.go index 3fa4ead..beee8b6 100644 --- a/utils/verification_test.go +++ b/utils/verification_test.go @@ -8,6 +8,7 @@ import ( "github.com/spdx/tools-golang/spdx/common" "github.com/spdx/tools-golang/spdx/v2_1" "github.com/spdx/tools-golang/spdx/v2_2" + "github.com/spdx/tools-golang/spdx/v2_3" ) // ===== 2.1 Verification code functionality tests ===== @@ -277,3 +278,167 @@ func TestPackage2_2GetVerificationCodeFailsIfNilFileInSlice(t *testing.T) { t.Fatalf("expected non-nil error, got nil") } } + +// ===== 2.3 Verification code functionality tests ===== + +func TestPackage2_3CanGetVerificationCode(t *testing.T) { + files := []*v2_3.File{ + { + FileName: "file2.txt", + FileSPDXIdentifier: "File0", + Checksums: []common.Checksum{ + { + Algorithm: common.SHA1, + Value: "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd", + }, + }, + }, + { + FileName: "file1.txt", + FileSPDXIdentifier: "File1", + Checksums: []common.Checksum{ + { + Algorithm: common.SHA1, + Value: "3333333333bbbbbbbbbbccccccccccdddddddddd", + }, + }, + }, + { + FileName: "file3.txt", + FileSPDXIdentifier: "File2", + Checksums: []common.Checksum{ + { + Algorithm: common.SHA1, + Value: "8888888888bbbbbbbbbbccccccccccdddddddddd", + }, + }, + }, + { + FileName: "file5.txt", + FileSPDXIdentifier: "File3", + Checksums: []common.Checksum{ + { + Algorithm: common.SHA1, + Value: "2222222222bbbbbbbbbbccccccccccdddddddddd", + }, + }, + }, + { + FileName: "file4.txt", + FileSPDXIdentifier: "File4", + Checksums: []common.Checksum{ + { + Algorithm: common.SHA1, + Value: "bbbbbbbbbbccccccccccddddddddddaaaaaaaaaa", + }, + }, + }, + } + + wantCode := common.PackageVerificationCode{Value: "ac924b375119c81c1f08c3e2722044bfbbdcd3dc"} + + gotCode, err := GetVerificationCode2_3(files, "") + if err != nil { + t.Fatalf("expected nil error, got %v", err) + } + if wantCode.Value != gotCode.Value { + t.Errorf("expected %v, got %v", wantCode, gotCode) + } + +} + +func TestPackage2_3CanGetVerificationCodeIgnoringExcludesFile(t *testing.T) { + files := []*v2_3.File{ + { + FileName: "file1.txt", + FileSPDXIdentifier: "File0", + Checksums: []common.Checksum{ + { + Algorithm: common.SHA1, + Value: "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd", + }, + }, + }, + { + FileName: "file2.txt", + FileSPDXIdentifier: "File1", + Checksums: []common.Checksum{ + { + Algorithm: common.SHA1, + Value: "3333333333bbbbbbbbbbccccccccccdddddddddd", + }, + }, + }, + { + FileName: "thisfile.spdx", + FileSPDXIdentifier: "File2", + Checksums: []common.Checksum{ + { + Algorithm: common.SHA1, + Value: "bbbbbbbbbbccccccccccddddddddddaaaaaaaaaa", + }, + }, + }, + { + FileName: "file3.txt", + FileSPDXIdentifier: "File3", + Checksums: []common.Checksum{ + { + Algorithm: common.SHA1, + Value: "8888888888bbbbbbbbbbccccccccccdddddddddd", + }, + }, + }, + { + FileName: "file4.txt", + FileSPDXIdentifier: "File4", + Checksums: []common.Checksum{ + { + Algorithm: common.SHA1, + Value: "2222222222bbbbbbbbbbccccccccccdddddddddd", + }, + }, + }, + } + + wantCode := common.PackageVerificationCode{Value: "17fab1bd18fe5c13b5d3983f1c17e5f88b8ff266"} + + gotCode, err := GetVerificationCode2_3(files, "thisfile.spdx") + if err != nil { + t.Fatalf("expected nil error, got %v", err) + } + if wantCode.Value != gotCode.Value { + t.Errorf("expected %v, got %v", wantCode, gotCode) + } +} + +func TestPackage2_3GetVerificationCodeFailsIfNilFileInSlice(t *testing.T) { + files := []*v2_3.File{ + { + FileName: "file2.txt", + FileSPDXIdentifier: "File0", + Checksums: []common.Checksum{ + { + Algorithm: common.SHA1, + Value: "aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd", + }, + }, + }, + nil, + { + FileName: "file3.txt", + FileSPDXIdentifier: "File2", + Checksums: []common.Checksum{ + { + Algorithm: common.SHA1, + Value: "8888888888bbbbbbbbbbccccccccccdddddddddd", + }, + }, + }, + } + + _, err := GetVerificationCode2_3(files, "") + if err == nil { + t.Fatalf("expected non-nil error, got nil") + } +} |