hashValue with valid HEX and length that matched the algorithm

[ilans]

From HashAlgorithm:

{'adler32': 8}

{'blake2b256': 64}

{'blake2b384': 96}

{'blake2b512': 128}

{'blake3': '64...'}

{'crystalsDilithium': [2624, 3904, 4840, 5056, 5184, 6586, 8000, 9190, 9728]}

{'crystalsKyber': [1600, 1536, 2176, 2368, 3136, 3264, 4800, 6336]}

{'falcon': [1332, 1504, 1794, 2560, 2562, 2924, 3586, 4610]}

{'md2': 32}

{'md4': 32}

{'md5': 32}

{'md6': '1..128'}

{'sha1': 40}

{'sha224': 56}

{'sha256': 64}

{'sha384': 96}

{'sha3_224': 56}

{'sha3_256': 64}

{'sha3_384': 96}

{'sha3_512': 128}

{'sha512': 128}

{'other': '...'}

Suggested SHACL shapes:

@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
@prefix sh: <http://www.w3.org/ns/shacl#> .
@prefix spdxcore: <https://spdx.org/rdf/3.0.1/terms/Core/> .

spdxcore:HashValueLengthShape
    a sh:NodeShape ;
    sh:targetClass spdxcore:Hash, spdxcore:PackageVerificationCode ;
    sh:property [
        sh:path spdxcore:hashValue ;
        sh:pattern "^[0-9a-fA-F]+$" ;
        sh:message "Invalid hash value."@en ;
    ] ,
    [
        sh:path spdxcore:hashValue ;
        sh:sparql [
            sh:prefixes [
                sh:declare [ sh:prefix "spdxcore" ; sh:namespace "https://spdx.org/rdf/3.0.1/terms/Core/" ] ;
                sh:declare [ sh:prefix "spdxhashalgo" ; sh:namespace "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/" ] ;
            ] ;
            sh:select """
                SELECT $this ?algorithm ?hashValueLength ?expectedLengths
                WHERE {
                    $this spdxcore:algorithm ?algorithm ;
                          spdxcore:hashValue ?hashValue .
                    BIND (strlen(?hashValue) AS ?hashValueLength)
                    FILTER (
                        ( ?algorithm = spdxhashalgo:adler32 && ?hashValueLength != 8 ) ||
                        ( ?algorithm = spdxhashalgo:blake2b256 && ?hashValueLength != 64 ) ||
                        ( ?algorithm = spdxhashalgo:blake2b384 && ?hashValueLength != 96 ) ||
                        ( ?algorithm = spdxhashalgo:blake2b512 && ?hashValueLength != 128 ) ||
                        ( ?algorithm = spdxhashalgo:blake3 && ?hashValueLength != 64 ) ||
                        ( ?algorithm = spdxhashalgo:crystalsDilithium && !( ?hashValueLength IN (2624, 3904, 4840, 5056, 5184, 6586, 8000, 9190, 9728) ) ) ||
                        ( ?algorithm = spdxhashalgo:crystalsKyber && !( ?hashValueLength IN (1536, 1600, 2176, 2368, 3136, 3264, 4800, 6336) ) ) ||
                        ( ?algorithm = spdxhashalgo:falcon && !( ?hashValueLength IN (1332, 1504, 1794, 2560, 2562, 2924, 3586, 4610) ) ) ||
                        ( ?algorithm = spdxhashalgo:md2 && ?hashValueLength != 32 ) ||
                        ( ?algorithm = spdxhashalgo:md4 && ?hashValueLength != 32 ) ||
                        ( ?algorithm = spdxhashalgo:md5 && ?hashValueLength != 32 ) ||
                        ( ?algorithm = spdxhashalgo:md6 && !( ?hashValueLength >= 1 && ?hashValueLength <= 128 ) ) ||
                        ( ?algorithm = spdxhashalgo:sha1 && ?hashValueLength != 40 ) ||
                        ( ?algorithm = spdxhashalgo:sha224 && ?hashValueLength != 56 ) ||
                        ( ?algorithm = spdxhashalgo:sha256 && ?hashValueLength != 64 ) ||
                        ( ?algorithm = spdxhashalgo:sha384 && ?hashValueLength != 96 ) ||
                        ( ?algorithm = spdxhashalgo:sha3_224 && ?hashValueLength != 56 ) ||
                        ( ?algorithm = spdxhashalgo:sha3_256 && ?hashValueLength != 64 ) ||
                        ( ?algorithm = spdxhashalgo:sha3_384 && ?hashValueLength != 96 ) ||
                        ( ?algorithm = spdxhashalgo:sha3_512 && ?hashValueLength != 128 ) ||
                        ( ?algorithm = spdxhashalgo:sha512 && ?hashValueLength != 128 )
                    )
                }
            """
        ] ;
        sh:message "Invalid hash value length ({$hashValueLength} characters) for algorithm {$algorithm}."@en ;
    ] .

Test data:

@prefix ex: <http://example.org/ns#> .
@prefix spdxcore: <https://spdx.org/rdf/3.0.1/terms/Core/> .
@prefix spdxhashalgo: <https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/> .

ex:ValidHashValue
    a spdxcore:Hash ;
    spdxcore:algorithm spdxhashalgo:adler32 ;
    spdxcore:hashValue "12345678" .

ex:InvalidHashValue
    a spdxcore:Hash ;
    spdxcore:algorithm spdxhashalgo:adler32 ;
    spdxcore:hashValue "y2t4q6h8" .

ex:InvalidHashValueLengthForAlgorithm
    a spdxcore:Hash ;
    spdxcore:algorithm spdxhashalgo:adler32 ;
    spdxcore:hashValue "1234" .

ex:ValidOtherHashValue
    a spdxcore:Hash ;
    spdxcore:algorithm spdxhashalgo:other ;
    spdxcore:hashValue "1" .

Test script:
https://raw.githubusercontent.com/condots/dots/refs/heads/main/scripts/shacl/test.py

Test results:

----------------------------------------------------------------------------------------------------
Severity: sh:Violation
Source Shape: nbf11a27ed06745c58bac9d71a8aecfbab525
Focus Node: ex:InvalidHashValue
Value Node: y2t4q6h8
Result Path: spdxcore:hashValue
Message: Invalid hash value.
----------------------------------------------------------------------------------------------------
Severity: sh:Violation
Source Shape: nbf11a27ed06745c58bac9d71a8aecfbab526
Focus Node: ex:InvalidHashValueLengthForAlgorithm
Value Node: None
Result Path: spdxcore:hashValue
Message: Invalid hash value length (4 characters) for algorithm spdxcore:HashAlgorithm/adler32.
----------------------------------------------------------------------------------------------------
Found 2 SHACL violations!

[ilans]

For conformance, I suggest to require the hex string to be lower case. This is a common requirement.