blob: 5fbf62b4ea9da1e8632a1db16af63488d4e2258e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
// Package utils contains various utility functions to support the
// main tools-golang packages.
// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
package utils
import (
"crypto/sha1"
"fmt"
"sort"
"strings"
"github.com/spdx/tools-golang/spdx"
)
// GetVerificationCode2_1 takes a slice of files and an optional filename
// for an "excludes" file, and returns a Package Verification Code calculated
// according to SPDX spec version 2.1, section 3.9.4.
func GetVerificationCode2_1(files []*spdx.File2_1, excludeFile string) (string, error) {
// create slice of strings - unsorted SHA1s for all files
shas := []string{}
for i, f := range files {
if f == nil {
return "", fmt.Errorf("got nil file in index %d", i)
}
if f.FileName != excludeFile {
shas = append(shas, f.FileChecksumSHA1)
}
}
// sort the strings
sort.Strings(shas)
// concatenate them into one string, with no trailing separators
shasConcat := strings.Join(shas, "")
// and get its SHA1 value
hsha1 := sha1.New()
hsha1.Write([]byte(shasConcat))
bs := hsha1.Sum(nil)
code := fmt.Sprintf("%x", bs)
return code, nil
}
|
