1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
// Package utils contains various utility functions to support the
// main tools-golang packages.
// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
package utils
import (
"crypto/sha1"
"fmt"
"sort"
"strings"
"github.com/spdx/tools-golang/spdx/common"
"github.com/spdx/tools-golang/spdx/v2_1"
"github.com/spdx/tools-golang/spdx/v2_2"
)
// GetVerificationCode2_1 takes a slice of files and an optional filename
// for an "excludes" file, and returns a Package Verification Code calculated
// according to SPDX spec version 2.1, section 3.9.4.
func GetVerificationCode2_1(files []*v2_1.File, excludeFile string) (common.PackageVerificationCode, error) {
// create slice of strings - unsorted SHA1s for all files
shas := []string{}
for i, f := range files {
if f == nil {
return common.PackageVerificationCode{}, fmt.Errorf("got nil file for identifier %v", i)
}
if f.FileName != excludeFile {
// find the SHA1 hash, if present
for _, checksum := range f.Checksums {
if checksum.Algorithm == common.SHA1 {
shas = append(shas, checksum.Value)
}
}
}
}
// sort the strings
sort.Strings(shas)
// concatenate them into one string, with no trailing separators
shasConcat := strings.Join(shas, "")
// and get its SHA1 value
hsha1 := sha1.New()
hsha1.Write([]byte(shasConcat))
bs := hsha1.Sum(nil)
code := common.PackageVerificationCode{
Value: fmt.Sprintf("%x", bs),
ExcludedFiles: []string{excludeFile},
}
return code, nil
}
// GetVerificationCode2_2 takes a slice of files and an optional filename
// for an "excludes" file, and returns a Package Verification Code calculated
// according to SPDX spec version 2.2, section 3.9.4.
func GetVerificationCode2_2(files []*v2_2.File, excludeFile string) (common.PackageVerificationCode, error) {
// create slice of strings - unsorted SHA1s for all files
shas := []string{}
for i, f := range files {
if f == nil {
return common.PackageVerificationCode{}, fmt.Errorf("got nil file for identifier %v", i)
}
if f.FileName != excludeFile {
// find the SHA1 hash, if present
for _, checksum := range f.Checksums {
if checksum.Algorithm == common.SHA1 {
shas = append(shas, checksum.Value)
}
}
}
}
// sort the strings
sort.Strings(shas)
// concatenate them into one string, with no trailing separators
shasConcat := strings.Join(shas, "")
// and get its SHA1 value
hsha1 := sha1.New()
hsha1.Write([]byte(shasConcat))
bs := hsha1.Sum(nil)
code := common.PackageVerificationCode{
Value: fmt.Sprintf("%x", bs),
ExcludedFiles: []string{excludeFile},
}
return code, nil
}
|
