1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
// Package utils contains various utility functions to support the
// main tools-golang packages.
// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
package utils
import (
"crypto/sha1"
"fmt"
"sort"
"strings"
"github.com/spdx/tools-golang/spdx/common"
"github.com/spdx/tools-golang/spdx/v2_1"
"github.com/spdx/tools-golang/spdx/v2_2"
"github.com/spdx/tools-golang/spdx/v2_3"
)
// GetVerificationCode2_1 takes a slice of files and an optional filename
// for an "excludes" file, and returns a Package Verification Code calculated
// according to SPDX spec version 2.1, section 3.9.4.
func GetVerificationCode2_1(files []*v2_1.File, excludeFile string) (common.PackageVerificationCode, error) {
// create slice of strings - unsorted SHA1s for all files
shas := []string{}
for i, f := range files {
if f == nil {
return common.PackageVerificationCode{}, fmt.Errorf("got nil file for identifier %v", i)
}
if f.FileName != excludeFile {
// find the SHA1 hash, if present
for _, checksum := range f.Checksums {
if checksum.Algorithm == common.SHA1 {
shas = append(shas, checksum.Value)
}
}
}
}
// sort the strings
sort.Strings(shas)
// concatenate them into one string, with no trailing separators
shasConcat := strings.Join(shas, "")
// and get its SHA1 value
hsha1 := sha1.New()
hsha1.Write([]byte(shasConcat))
bs := hsha1.Sum(nil)
code := common.PackageVerificationCode{
Value: fmt.Sprintf("%x", bs),
ExcludedFiles: []string{excludeFile},
}
return code, nil
}
// GetVerificationCode2_2 takes a slice of files and an optional filename
// for an "excludes" file, and returns a Package Verification Code calculated
// according to SPDX spec version 2.2, section 3.9.4.
func GetVerificationCode2_2(files []*v2_2.File, excludeFile string) (common.PackageVerificationCode, error) {
// create slice of strings - unsorted SHA1s for all files
shas := []string{}
for i, f := range files {
if f == nil {
return common.PackageVerificationCode{}, fmt.Errorf("got nil file for identifier %v", i)
}
if f.FileName != excludeFile {
// find the SHA1 hash, if present
for _, checksum := range f.Checksums {
if checksum.Algorithm == common.SHA1 {
shas = append(shas, checksum.Value)
}
}
}
}
// sort the strings
sort.Strings(shas)
// concatenate them into one string, with no trailing separators
shasConcat := strings.Join(shas, "")
// and get its SHA1 value
hsha1 := sha1.New()
hsha1.Write([]byte(shasConcat))
bs := hsha1.Sum(nil)
code := common.PackageVerificationCode{
Value: fmt.Sprintf("%x", bs),
ExcludedFiles: []string{excludeFile},
}
return code, nil
}
// GetVerificationCode2_3 takes a slice of files and an optional filename
// for an "excludes" file, and returns a Package Verification Code calculated
// according to SPDX spec version 2.3, section 3.9.4.
func GetVerificationCode2_3(files []*v2_3.File, excludeFile string) (common.PackageVerificationCode, error) {
// create slice of strings - unsorted SHA1s for all files
shas := []string{}
for i, f := range files {
if f == nil {
return common.PackageVerificationCode{}, fmt.Errorf("got nil file for identifier %v", i)
}
if f.FileName != excludeFile {
// find the SHA1 hash, if present
for _, checksum := range f.Checksums {
if checksum.Algorithm == common.SHA1 {
shas = append(shas, checksum.Value)
}
}
}
}
// sort the strings
sort.Strings(shas)
// concatenate them into one string, with no trailing separators
shasConcat := strings.Join(shas, "")
// and get its SHA1 value
hsha1 := sha1.New()
hsha1.Write([]byte(shasConcat))
bs := hsha1.Sum(nil)
code := common.PackageVerificationCode{
Value: fmt.Sprintf("%x", bs),
ExcludedFiles: []string{excludeFile},
}
return code, nil
}
|
