Merge branch 'master' into issue-25

8 files changed, 73 insertions, 20 deletions

diff --git a/spdx/annotation.go b/spdx/annotation.go
index 0846d62..9687a28 100644
--- a/spdx/annotation.go
+++ b/spdx/annotation.go
@@ -21,7 +21,7 @@ type Annotation2_1 struct {
 
 	// 8.4: SPDX Identifier Reference
 	// Cardinality: conditional (mandatory, one) if there is an Annotation
-	AnnotationSPDXIdentifier string
+	AnnotationSPDXIdentifier DocElementID
 
 	// 8.5: Annotation Comment
 	// Cardinality: conditional (mandatory, one) if there is an Annotation
diff --git a/spdx/creation_info.go b/spdx/creation_info.go
index 27db3fc..af03dad 100644
--- a/spdx/creation_info.go
+++ b/spdx/creation_info.go
@@ -16,7 +16,7 @@ type CreationInfo2_1 struct {
 
 	// 2.3: SPDX Identifier; should be "SPDXRef-DOCUMENT"
 	// Cardinality: mandatory, one
-	SPDXIdentifier string
+	SPDXIdentifier ElementID
 
 	// 2.4: Document Name
 	// Cardinality: mandatory, one
diff --git a/spdx/document.go b/spdx/document.go
index 6b116a8..1e054ba 100644
--- a/spdx/document.go
+++ b/spdx/document.go
@@ -6,11 +6,12 @@ package spdx
 // Document2_1 is an SPDX Document for version 2.1 of the spec.
 // See https://spdx.org/sites/cpstandard/files/pages/files/spdxversion2.1.pdf
 type Document2_1 struct {
-	CreationInfo  *CreationInfo2_1
-	Packages      []*Package2_1
-	OtherLicenses []*OtherLicense2_1
-	Relationships []*Relationship2_1
-	Annotations   []*Annotation2_1
+	CreationInfo    *CreationInfo2_1
+	Packages        map[ElementID]*Package2_1
+	UnpackagedFiles map[ElementID]*File2_1
+	OtherLicenses   []*OtherLicense2_1
+	Relationships   []*Relationship2_1
+	Annotations     []*Annotation2_1
 
 	// DEPRECATED in version 2.0 of spec
 	Reviews []*Review2_1
diff --git a/spdx/file.go b/spdx/file.go
index 3732107..f7c1b42 100644
--- a/spdx/file.go
+++ b/spdx/file.go
@@ -11,7 +11,7 @@ type File2_1 struct {
 
 	// 4.2: File SPDX Identifier: "SPDXRef-[idstring]"
 	// Cardinality: mandatory, one
-	FileSPDXIdentifier string
+	FileSPDXIdentifier ElementID
 
 	// 4.3: File Type
 	// Cardinality: optional, multiple
@@ -62,7 +62,10 @@ type File2_1 struct {
 	FileDependencies []string
 
 	// Snippets contained in this File
-	Snippets []*Snippet2_1
+	// Note that Snippets could be defined in a different Document! However,
+	// the only ones that _THIS_ document can contain are this ones that are
+	// defined here -- so this should just be an ElementID.
+	Snippets map[ElementID]*Snippet2_1
 }
 
 // ArtifactOfProject2_1 is a DEPRECATED collection of data regarding
diff --git a/spdx/identifier.go b/spdx/identifier.go
new file mode 100644
index 0000000..496aeb3
--- /dev/null
+++ b/spdx/identifier.go
@@ -0,0 +1,54 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package spdx
+
+// ElementID represents the identifier string portion of an SPDX element
+// identifier. DocElementID should be used for any attributes which can
+// contain identifiers defined in a different SPDX document.
+// ElementIDs should NOT contain the mandatory 'SPDXRef-' portion.
+type ElementID string
+
+// DocElementID represents an SPDX element identifier that could be defined
+// in a different SPDX document, and therefore could have a "DocumentRef-"
+// portion, such as Relationships and Annotations.
+// ElementID is used for attributes in which a "DocumentRef-" portion cannot
+// appear, such as a Package or File definition (since it is necessarily
+// being defined in the present document).
+// DocumentRefID will be the empty string for elements defined in the
+// present document.
+// DocElementIDs should NOT contain the mandatory 'DocumentRef-' or
+// 'SPDXRef-' portions.
+type DocElementID struct {
+	DocumentRefID string
+	ElementRefID  ElementID
+}
+
+// TODO: add equivalents for LicenseRef- identifiers
+
+// MakeDocElementID takes strings (without prefixes) for the DocumentRef-
+// and SPDXRef- identifiers, and returns a DocElementID. An empty string
+// should be used for the DocumentRef- portion if it is referring to the
+// present document.
+func MakeDocElementID(docRef string, eltRef string) DocElementID {
+	return DocElementID{
+		DocumentRefID: docRef,
+		ElementRefID:  ElementID(eltRef),
+	}
+}
+
+// RenderElementID takes an ElementID and returns the string equivalent,
+// with the SPDXRef- prefix reinserted.
+func RenderElementID(eID ElementID) string {
+	return "SPDXRef-" + string(eID)
+}
+
+// RenderDocElementID takes a DocElementID and returns the string equivalent,
+// with the SPDXRef- prefix (and, if applicable, the DocumentRef- prefix)
+// reinserted.
+func RenderDocElementID(deID DocElementID) string {
+	prefix := ""
+	if deID.DocumentRefID != "" {
+		prefix = "DocumentRef-" + deID.DocumentRefID + ":"
+	}
+	return prefix + "SPDXRef-" + string(deID.ElementRefID)
+}
diff --git a/spdx/package.go b/spdx/package.go
index 901fb48..dd793ab 100644
--- a/spdx/package.go
+++ b/spdx/package.go
@@ -5,18 +5,13 @@ package spdx
 // Package2_1 is a Package section of an SPDX Document for version 2.1 of the spec.
 type Package2_1 struct {
 
-	// NOT PART OF SPEC
-	// flag: does this "package" contain files that were in fact "unpackaged",
-	// e.g. included directly in the Document without being in a Package?
-	IsUnpackaged bool
-
 	// 3.1: Package Name
 	// Cardinality: mandatory, one
 	PackageName string
 
 	// 3.2: Package SPDX Identifier: "SPDXRef-[idstring]"
 	// Cardinality: mandatory, one
-	PackageSPDXIdentifier string
+	PackageSPDXIdentifier ElementID
 
 	// 3.3: Package Version
 	// Cardinality: optional, one
@@ -115,7 +110,7 @@ type Package2_1 struct {
 	// contained within PackageExternalReference2_1 struct, if present
 
 	// Files contained in this Package
-	Files []*File2_1
+	Files map[ElementID]*File2_1
 }
 
 // PackageExternalReference2_1 is an External Reference to additional info
diff --git a/spdx/relationship.go b/spdx/relationship.go
index bc87967..ef524a3 100644
--- a/spdx/relationship.go
+++ b/spdx/relationship.go
@@ -11,8 +11,8 @@ type Relationship2_1 struct {
 	//              one mandatory for SPDX Document with multiple packages
 	// RefA and RefB are first and second item
 	// Relationship is type from 7.1.1
-	RefA         string
-	RefB         string
+	RefA         DocElementID
+	RefB         DocElementID
 	Relationship string
 
 	// 7.2: Relationship Comment
diff --git a/spdx/snippet.go b/spdx/snippet.go
index 14b3b25..89680c5 100644
--- a/spdx/snippet.go
+++ b/spdx/snippet.go
@@ -7,11 +7,11 @@ type Snippet2_1 struct {
 
 	// 5.1: Snippet SPDX Identifier: "SPDXRef-[idstring]"
 	// Cardinality: mandatory, one
-	SnippetSPDXIdentifier string
+	SnippetSPDXIdentifier ElementID
 
 	// 5.2: Snippet from File SPDX Identifier
 	// Cardinality: mandatory, one
-	SnippetFromFileSPDXIdentifier string
+	SnippetFromFileSPDXIdentifier DocElementID
 
 	// 5.3: Snippet Byte Range: [start byte]:[end byte]
 	// Cardinality: mandatory, one