From 97ef87db9a9718846a1742b46309297aa859119f Mon Sep 17 00:00:00 2001
From: Jan Kowalleck <jan.kowalleck@gmail.com>
Date: Mon, 3 Apr 2023 14:51:32 +0200
Subject: [PATCH] streamline licenses

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
---
 schema/bom-1.5.schema.json | 67 ++++++++++++++++++++------------------
 1 file changed, 36 insertions(+), 31 deletions(-)

diff --git a/schema/bom-1.5.schema.json b/schema/bom-1.5.schema.json
index f2f43304..c7d1b721 100644
--- a/schema/bom-1.5.schema.json
+++ b/schema/bom-1.5.schema.json
@@ -166,10 +166,8 @@
           "$ref": "#/definitions/organizationalEntity"
         },
         "licenses": {
-          "type": "array",
           "title": "BOM License(s)",
-          "additionalItems": false,
-          "items": {"$ref": "#/definitions/licenseChoice"}
+          "$ref": "#/definitions/licenseChoice"
         },
         "properties": {
           "type": "array",
@@ -372,9 +370,7 @@
           "items": {"$ref": "#/definitions/hash"}
         },
         "licenses": {
-          "type": "array",
-          "additionalItems": false,
-          "items": {"$ref": "#/definitions/licenseChoice"},
+          "$ref": "#/definitions/licenseChoice",
           "title": "Component License(s)"
         },
         "copyright": {
@@ -802,28 +798,41 @@
       }
     },
     "licenseChoice": {
-      "type": "object",
-      "title": "License(s)",
-      "additionalProperties": false,
-      "properties": {
-        "license": {
-          "$ref": "#/definitions/license"
-        },
-        "expression": {
-          "type": "string",
-          "title": "SPDX License Expression",
-          "examples": [
-            "Apache-2.0 AND (MIT OR GPL-2.0-only)",
-            "GPL-3.0-only WITH Classpath-exception-2.0"
-          ]
-        }
-      },
-      "oneOf":[
+      "type": "array",
+      "description": "EITHER (a list of exactly one SPDX License Expression) OR (a list of SPDX and/or named licenses)",
+      "oneOf": [
         {
-          "required": ["license"]
+          "minItems": 1,
+          "maxItems": 1,
+          "items": {
+            "type": "object",
+            "required": ["expression"],
+            "additionalProperties": false,
+            "properties": {
+              "expression": {
+                "type": "string",
+                "title": "SPDX License Expression",
+                "examples": [
+                  "Apache-2.0 AND (MIT OR GPL-2.0-only)",
+                  "GPL-3.0-only WITH Classpath-exception-2.0"
+                ]
+              }
+            }
+          }
         },
         {
-          "required": ["expression"]
+          "minItems": 0,
+          "items": {
+            "type": "object",
+            "title": "License(s)",
+            "required": ["license"],
+            "additionalProperties": false,
+            "properties": {
+              "license": {
+                "$ref": "#/definitions/license"
+              }
+            }
+          }
         }
       ]
     },
@@ -1153,9 +1162,7 @@
           "description": "Specifies the data classification."
         },
         "licenses": {
-          "type": "array",
-          "additionalItems": false,
-          "items": {"$ref": "#/definitions/licenseChoice"},
+          "$ref": "#/definitions/licenseChoice",
           "title": "Component License(s)"
         },
         "externalReferences": {
@@ -1247,9 +1254,7 @@
       "additionalProperties": false,
       "properties": {
         "licenses": {
-          "type": "array",
-          "additionalItems": false,
-          "items": {"$ref": "#/definitions/licenseChoice"},
+          "$ref": "#/definitions/licenseChoice",
           "title": "Component License(s)"
         },
         "copyright": {