1*ba677afaSXin Li// Package utils contains various utility functions to support the 2*ba677afaSXin Li// main tools-golang packages. 3*ba677afaSXin Li// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 4*ba677afaSXin Lipackage utils 5*ba677afaSXin Li 6*ba677afaSXin Liimport ( 7*ba677afaSXin Li "crypto/sha1" 8*ba677afaSXin Li "fmt" 9*ba677afaSXin Li "sort" 10*ba677afaSXin Li "strings" 11*ba677afaSXin Li 12*ba677afaSXin Li "github.com/spdx/tools-golang/spdx/common" 13*ba677afaSXin Li "github.com/spdx/tools-golang/spdx/v2_1" 14*ba677afaSXin Li "github.com/spdx/tools-golang/spdx/v2_2" 15*ba677afaSXin Li "github.com/spdx/tools-golang/spdx/v2_3" 16*ba677afaSXin Li) 17*ba677afaSXin Li 18*ba677afaSXin Li// GetVerificationCode2_1 takes a slice of files and an optional filename 19*ba677afaSXin Li// for an "excludes" file, and returns a Package Verification Code calculated 20*ba677afaSXin Li// according to SPDX spec version 2.1, section 3.9.4. 21*ba677afaSXin Lifunc GetVerificationCode2_1(files []*v2_1.File, excludeFile string) (common.PackageVerificationCode, error) { 22*ba677afaSXin Li // create slice of strings - unsorted SHA1s for all files 23*ba677afaSXin Li shas := []string{} 24*ba677afaSXin Li for i, f := range files { 25*ba677afaSXin Li if f == nil { 26*ba677afaSXin Li return common.PackageVerificationCode{}, fmt.Errorf("got nil file for identifier %v", i) 27*ba677afaSXin Li } 28*ba677afaSXin Li if f.FileName != excludeFile { 29*ba677afaSXin Li // find the SHA1 hash, if present 30*ba677afaSXin Li for _, checksum := range f.Checksums { 31*ba677afaSXin Li if checksum.Algorithm == common.SHA1 { 32*ba677afaSXin Li shas = append(shas, checksum.Value) 33*ba677afaSXin Li } 34*ba677afaSXin Li } 35*ba677afaSXin Li } 36*ba677afaSXin Li } 37*ba677afaSXin Li 38*ba677afaSXin Li // sort the strings 39*ba677afaSXin Li sort.Strings(shas) 40*ba677afaSXin Li 41*ba677afaSXin Li // concatenate them into one string, with no trailing separators 42*ba677afaSXin Li shasConcat := strings.Join(shas, "") 43*ba677afaSXin Li 44*ba677afaSXin Li // and get its SHA1 value 45*ba677afaSXin Li hsha1 := sha1.New() 46*ba677afaSXin Li hsha1.Write([]byte(shasConcat)) 47*ba677afaSXin Li bs := hsha1.Sum(nil) 48*ba677afaSXin Li 49*ba677afaSXin Li code := common.PackageVerificationCode{ 50*ba677afaSXin Li Value: fmt.Sprintf("%x", bs), 51*ba677afaSXin Li ExcludedFiles: []string{excludeFile}, 52*ba677afaSXin Li } 53*ba677afaSXin Li 54*ba677afaSXin Li return code, nil 55*ba677afaSXin Li} 56*ba677afaSXin Li 57*ba677afaSXin Li// GetVerificationCode2_2 takes a slice of files and an optional filename 58*ba677afaSXin Li// for an "excludes" file, and returns a Package Verification Code calculated 59*ba677afaSXin Li// according to SPDX spec version 2.2, section 3.9.4. 60*ba677afaSXin Lifunc GetVerificationCode2_2(files []*v2_2.File, excludeFile string) (common.PackageVerificationCode, error) { 61*ba677afaSXin Li // create slice of strings - unsorted SHA1s for all files 62*ba677afaSXin Li shas := []string{} 63*ba677afaSXin Li for i, f := range files { 64*ba677afaSXin Li if f == nil { 65*ba677afaSXin Li return common.PackageVerificationCode{}, fmt.Errorf("got nil file for identifier %v", i) 66*ba677afaSXin Li } 67*ba677afaSXin Li if f.FileName != excludeFile { 68*ba677afaSXin Li // find the SHA1 hash, if present 69*ba677afaSXin Li for _, checksum := range f.Checksums { 70*ba677afaSXin Li if checksum.Algorithm == common.SHA1 { 71*ba677afaSXin Li shas = append(shas, checksum.Value) 72*ba677afaSXin Li } 73*ba677afaSXin Li } 74*ba677afaSXin Li } 75*ba677afaSXin Li } 76*ba677afaSXin Li 77*ba677afaSXin Li // sort the strings 78*ba677afaSXin Li sort.Strings(shas) 79*ba677afaSXin Li 80*ba677afaSXin Li // concatenate them into one string, with no trailing separators 81*ba677afaSXin Li shasConcat := strings.Join(shas, "") 82*ba677afaSXin Li 83*ba677afaSXin Li // and get its SHA1 value 84*ba677afaSXin Li hsha1 := sha1.New() 85*ba677afaSXin Li hsha1.Write([]byte(shasConcat)) 86*ba677afaSXin Li bs := hsha1.Sum(nil) 87*ba677afaSXin Li 88*ba677afaSXin Li code := common.PackageVerificationCode{ 89*ba677afaSXin Li Value: fmt.Sprintf("%x", bs), 90*ba677afaSXin Li ExcludedFiles: []string{excludeFile}, 91*ba677afaSXin Li } 92*ba677afaSXin Li 93*ba677afaSXin Li return code, nil 94*ba677afaSXin Li} 95*ba677afaSXin Li 96*ba677afaSXin Li// GetVerificationCode2_3 takes a slice of files and an optional filename 97*ba677afaSXin Li// for an "excludes" file, and returns a Package Verification Code calculated 98*ba677afaSXin Li// according to SPDX spec version 2.3, section 3.9.4. 99*ba677afaSXin Lifunc GetVerificationCode2_3(files []*v2_3.File, excludeFile string) (common.PackageVerificationCode, error) { 100*ba677afaSXin Li // create slice of strings - unsorted SHA1s for all files 101*ba677afaSXin Li shas := []string{} 102*ba677afaSXin Li for i, f := range files { 103*ba677afaSXin Li if f == nil { 104*ba677afaSXin Li return common.PackageVerificationCode{}, fmt.Errorf("got nil file for identifier %v", i) 105*ba677afaSXin Li } 106*ba677afaSXin Li if f.FileName != excludeFile { 107*ba677afaSXin Li // find the SHA1 hash, if present 108*ba677afaSXin Li for _, checksum := range f.Checksums { 109*ba677afaSXin Li if checksum.Algorithm == common.SHA1 { 110*ba677afaSXin Li shas = append(shas, checksum.Value) 111*ba677afaSXin Li } 112*ba677afaSXin Li } 113*ba677afaSXin Li } 114*ba677afaSXin Li } 115*ba677afaSXin Li 116*ba677afaSXin Li // sort the strings 117*ba677afaSXin Li sort.Strings(shas) 118*ba677afaSXin Li 119*ba677afaSXin Li // concatenate them into one string, with no trailing separators 120*ba677afaSXin Li shasConcat := strings.Join(shas, "") 121*ba677afaSXin Li 122*ba677afaSXin Li // and get its SHA1 value 123*ba677afaSXin Li hsha1 := sha1.New() 124*ba677afaSXin Li hsha1.Write([]byte(shasConcat)) 125*ba677afaSXin Li bs := hsha1.Sum(nil) 126*ba677afaSXin Li 127*ba677afaSXin Li code := common.PackageVerificationCode{ 128*ba677afaSXin Li Value: fmt.Sprintf("%x", bs), 129*ba677afaSXin Li ExcludedFiles: []string{excludeFile}, 130*ba677afaSXin Li } 131*ba677afaSXin Li 132*ba677afaSXin Li return code, nil 133*ba677afaSXin Li} 134