From 4c85896bf655b8334b20d7bfbffa010607a5bd8c Mon Sep 17 00:00:00 2001
From: Jan Kowalleck <jan.kowalleck@gmail.com>
Date: Mon, 3 Apr 2023 14:51:32 +0200
Subject: [PATCH] streamline licenses: make JSON meat XML constriant

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
---
 schema/bom-1.5.schema.json | 67 ++++++++++++++++++++------------------
 1 file changed, 36 insertions(+), 31 deletions(-)

diff --git a/schema/bom-1.5.schema.json b/schema/bom-1.5.schema.json
index f5ae5509..ff7a595e 100644
--- a/schema/bom-1.5.schema.json
+++ b/schema/bom-1.5.schema.json
@@ -194,10 +194,8 @@
           "$ref": "#/definitions/organizationalEntity"
         },
         "licenses": {
-          "type": "array",
           "title": "BOM License(s)",
-          "additionalItems": false,
-          "items": {"$ref": "#/definitions/licenseChoice"}
+          "$ref": "#/definitions/licenseChoice"
         },
         "properties": {
           "type": "array",
@@ -404,9 +402,7 @@
           "items": {"$ref": "#/definitions/hash"}
         },
         "licenses": {
-          "type": "array",
-          "additionalItems": false,
-          "items": {"$ref": "#/definitions/licenseChoice"},
+          "$ref": "#/definitions/licenseChoice",
           "title": "Component License(s)"
         },
         "copyright": {
@@ -845,28 +841,41 @@
       }
     },
     "licenseChoice": {
-      "type": "object",
-      "title": "License(s)",
-      "additionalProperties": false,
-      "properties": {
-        "license": {
-          "$ref": "#/definitions/license"
-        },
-        "expression": {
-          "type": "string",
-          "title": "SPDX License Expression",
-          "examples": [
-            "Apache-2.0 AND (MIT OR GPL-2.0-only)",
-            "GPL-3.0-only WITH Classpath-exception-2.0"
-          ]
-        }
-      },
-      "oneOf":[
+      "type": "array",
+      "title": "License Choice",
+      "description": "EITHER (a list of SPDX and/or named licenses) OR (a list of one SPDX License Expression)",
+      "oneOf": [
         {
-          "required": ["license"]
+          "description": "a list of SPDX and/or named licenses",
+          "items": {
+            "type": "object",
+            "required": ["license"],
+            "additionalProperties": false,
+            "properties": {
+              "license": {"$ref": "#/definitions/license"}
+            }
+          }
         },
         {
-          "required": ["expression"]
+          "description": "a list of one SPDX License Expression",
+          "additionalItems": false,
+          "minItems": 1,
+          "maxItems": 1,
+          "items": [{
+            "type": "object",
+            "required": ["expression"],
+            "additionalProperties": false,
+            "properties": {
+              "expression": {
+                "type": "string",
+                "title": "SPDX License Expression",
+                "examples": [
+                  "Apache-2.0 AND (MIT OR GPL-2.0-only)",
+                  "GPL-3.0-only WITH Classpath-exception-2.0"
+                ]
+              }
+            }
+          }]
         }
       ]
     },
@@ -1216,9 +1225,7 @@
           "description": "Specifies information about the data including the directional flow of data and the data classification."
         },
         "licenses": {
-          "type": "array",
-          "additionalItems": false,
-          "items": {"$ref": "#/definitions/licenseChoice"},
+          "$ref": "#/definitions/licenseChoice",
           "title": "Component License(s)"
         },
         "externalReferences": {
@@ -1503,9 +1510,7 @@
           }
         },
         "licenses": {
-          "type": "array",
-          "additionalItems": false,
-          "items": {"$ref": "#/definitions/licenseChoice"},
+          "$ref": "#/definitions/licenseChoice",
           "title": "Component License(s)"
         },
         "copyright": {