/
verification.go
58 lines (49 loc) · 1.5 KB
/
verification.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
// Package utils contains various utility functions to support the
// main tools-golang packages.
// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
package utils
import (
"crypto/sha1"
"fmt"
"sort"
"strings"
"github.com/spdx/tools-golang/spdx"
"github.com/spdx/tools-golang/spdx/v2/common"
)
// GetVerificationCode takes a slice of files and an optional filename
// for an "excludes" file, and returns a Package Verification Code calculated
// according to SPDX spec version 2.3, section 3.9.4.
func GetVerificationCode(files []*spdx.File, excludeFile string) (common.PackageVerificationCode, error) {
// create slice of strings - unsorted SHA1s for all files
shas := []string{}
for i, f := range files {
if f == nil {
return common.PackageVerificationCode{}, fmt.Errorf("got nil file for identifier %v", i)
}
if f.FileName != excludeFile {
// find the SHA1 hash, if present
for _, checksum := range f.Checksums {
if checksum.Algorithm == common.SHA1 {
shas = append(shas, checksum.Value)
}
}
}
}
// sort the strings
sort.Strings(shas)
// concatenate them into one string, with no trailing separators
shasConcat := strings.Join(shas, "")
// and get its SHA1 value
hsha1 := sha1.New()
hsha1.Write([]byte(shasConcat))
bs := hsha1.Sum(nil)
var excludedFiles []string
if excludeFile != "" {
excludedFiles = []string{excludeFile}
}
code := common.PackageVerificationCode{
Value: fmt.Sprintf("%x", bs),
ExcludedFiles: excludedFiles,
}
return code, nil
}