spdx
diff --git a/‎data/SPDXRdfExample.rdf‎
Lines changed: 12 additions & 0 deletions b/‎data/SPDXRdfExample.rdf‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎data/SPDXSimpleTag.tag‎
Lines changed: 1 addition & 0 deletions b/‎data/SPDXSimpleTag.tag‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎spdx/document.py‎
Lines changed: 23 additions & 0 deletions b/‎spdx/document.py‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎spdx/external_document_ref.py‎
Lines changed: 89 additions & 0 deletions b/‎spdx/external_document_ref.py‎
Lines changed: 89 additions & 0 deletions
diff --git a/‎spdx/parsers/lexers/tagvalue.py‎
Lines changed: 18 additions & 1 deletion b/‎spdx/parsers/lexers/tagvalue.py‎
Lines changed: 18 additions & 1 deletion
diff --git a/‎spdx/parsers/rdf.py‎
Lines changed: 38 additions & 0 deletions b/‎spdx/parsers/rdf.py‎
Lines changed: 38 additions & 0 deletions
diff --git a/‎spdx/parsers/rdfbuilders.py‎
Lines changed: 16 additions & 1 deletion b/‎spdx/parsers/rdfbuilders.py‎
Lines changed: 16 additions & 1 deletion
diff --git a/‎spdx/parsers/tagvalue.py‎
Lines changed: 27 additions & 0 deletions b/‎spdx/parsers/tagvalue.py‎
Lines changed: 27 additions & 0 deletions
@@ -15,6 +15,18 @@
       </CreationInfo>
     </creationInfo>
     <specVersion>SPDX-2.1</specVersion>
+    <externalDocumentRef>
+      <ExternalDocumentRef>
+        <externalDocumentId>DocumentRef-spdx-tool-2.1</externalDocumentId>
+        <spdxDocument rdf:resource="https://spdx.org/spdxdocs/spdx-tools-v2.1-3F2504E0-4F89-41D3-9A0C-0305E82C3301"/>
+        <checksum>
+          <Checksum>
+            <checksumValue>d6a770ba38583ed4bb4525bd96e50461655d2759</checksumValue>
+            <algorithm rdf:resource="http://spdx.org/rdf/terms#checksumAlgorithm_sha1"/>
+          </Checksum>
+        </checksum>
+      </ExternalDocumentRef>
+    </externalDocumentRef>
     <referencesFile>
       <File rdf:nodeID="A0">
         <licenseConcluded>
 
@@ -5,6 +5,7 @@ DocumentName: Sample_Document-V2.1
 SPDXID: SPDXRef-DOCUMENT
 DocumentNamespace: https://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301
 DocumentComment: <text>Sample Comment</text>
+ExternalDocumentRef:DocumentRef-spdx-tool-2.1 https://spdx.org/spdxdocs/spdx-tools-v2.1-3F2504E0-4F89-41D3-9A0C-0305E82C3301 SHA1: d6a770ba38583ed4bb4525bd96e50461655d2759
 
 # Creation info
 Creator: Person: Bob ([email protected])
 
@@ -17,6 +17,7 @@
 from functools import total_ordering
 
 from spdx import config
+from spdx.external_document_ref import ExternalDocumentRef
 
 
 def _add_parens(required, text):
@@ -192,6 +193,8 @@ class Document(object):
     - name: Name of the document. Mandatory, one. Type: str.
     - spdx_id: SPDX Identifier for the document to refer to itself in
       relationship to other elements. Mandatory, one. Type: str.
+    - ext_document_references: External SPDX documents referenced within the
+        given SPDX document. Optional, one or many. Type: ExternalDocumentRef
     - comment: Comments on the SPDX file, optional one. Type: str
     - namespace: SPDX document specific namespace. Mandatory, one. Type: str
     - creation_info: SPDX file creation info. Mandatory, one. Type: CreationInfo
@@ -210,6 +213,7 @@ def __init__(self, version=None, data_license=None, name=None, spdx_id=None,
         self.data_license = data_license
         self.name = name
         self.spdx_id = spdx_id
+        self.ext_document_references = []
         self.comment = comment
         self.namespace = namespace
         self.creation_info = CreationInfo()
@@ -223,6 +227,9 @@ def add_review(self, review):
     def add_extr_lic(self, lic):
         self.extracted_licenses.append(lic)
 
+    def add_ext_document_reference(self, ext_doc_ref):
+        self.ext_document_references.append(ext_doc_ref)
+
     @property
     def files(self):
         return self.package.files
@@ -248,6 +255,7 @@ def validate(self, messages=None):
             and self.validate_name(messages)
             and self.validate_spdx_id(messages)
             and self.validate_namespace(messages)
+            and self.validate_ext_document_references(messages)
             and self.validate_creation_info(messages)
             and self.validate_package(messages)
             and self.validate_extracted_licenses(messages)
@@ -312,6 +320,21 @@ def validate_spdx_id(self, messages=None):
             messages.append('Invalid Document SPDX Identifier value.')
             return False
 
+    def validate_ext_document_references(self, messages=None):
+        # FIXME: messages should be returned
+        messages = messages if messages is not None else []
+
+        valid = True
+        for doc in self.ext_document_references:
+            if isinstance(doc, ExternalDocumentRef):
+                valid = doc.validate(messages) and valid
+            else:
+                messages.append(
+                    'External document references must be of the type '
+                    'spdx.document.ExternalDocumentRef and not ' + type(doc))
+                valid = False
+        return valid
+
     def validate_reviews(self, messages=None):
         # FIXME: messages should be returned
         messages = messages if messages is not None else []
 
@@ -0,0 +1,89 @@
+
+# Copyright (c) 2018 Yash M. Nisar
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#     http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import
+from __future__ import print_function
+from __future__ import unicode_literals
+
+from functools import total_ordering
+
+
+@total_ordering
+class ExternalDocumentRef(object):
+    """
+    External Document References entity that contains the following fields :
+    - external_document_id: A unique string containing letters, numbers, '.',
+        '-' or '+'.
+    - spdx_document_uri: The unique ID of the SPDX document being referenced.
+    - check_sum: The checksum of the referenced SPDX document.
+    """
+
+    def __init__(self, external_document_id=None, spdx_document_uri=None,
+                 check_sum=None):
+        self.external_document_id = external_document_id
+        self.spdx_document_uri = spdx_document_uri
+        self.check_sum = check_sum
+
+    def __eq__(self, other):
+        return (
+            isinstance(other, ExternalDocumentRef)
+            and self.external_document_id == other.external_document_id
+            and self.spdx_document_uri == other.spdx_document_uri
+            and self.check_sum == other.check_sum
+        )
+
+    def __lt__(self, other):
+        return (
+            (self.external_document_id, self.spdx_document_uri,
+             self.check_sum) <
+            (other.external_document_id, other.spdx_document_uri,
+             other.check_sum,)
+        )
+
+    def validate(self, messages=None):
+        """
+        Validate all fields of the ExternalDocumentRef class and update the
+        messages list with user friendly error messages for display.
+        """
+        messages = messages if messages is not None else []
+
+        return (self.validate_ext_doc_id(messages) and
+                self.validate_spdx_doc_uri(messages) and
+                self.validate_chksum(messages)
+        )
+
+    def validate_ext_doc_id(self, messages=None):
+        messages = messages if messages is not None else []
+
+        if self.external_document_id:
+            return True
+        else:
+            messages.append('ExternalDocumentRef has no External Document ID.')
+            return False
+
+    def validate_spdx_doc_uri(self, messages=None):
+        messages = messages if messages is not None else []
+
+        if self.spdx_document_uri:
+            return True
+        else:
+            messages.append('ExternalDocumentRef has no SPDX Document URI.')
+            return False
+
+    def validate_chksum(self, messages=None):
+        messages = messages if messages is not None else []
+
+        if self.check_sum:
+            return True
+        else:
+            messages.append('ExternalDocumentRef has no Checksum.')
+            return False
@@ -25,6 +25,7 @@ class Lexer(object):
         'SPDXID': 'DOC_SPDX_ID',
         'DocumentComment': 'DOC_COMMENT',
         'DocumentNamespace': 'DOC_NAMESPACE',
+        'ExternalDocumentRef': 'EXT_DOC_REF',
         # Creation info
         'Creator': 'CREATOR',
         'Created': 'CREATED',
@@ -86,7 +87,8 @@ class Lexer(object):
 
     tokens = ['TEXT', 'TOOL_VALUE', 'UNKNOWN_TAG',
               'ORG_VALUE', 'PERSON_VALUE',
-              'DATE', 'LINE', 'CHKSUM'] + list(reserved.values())
+              'DATE', 'LINE', 'CHKSUM', 'DOC_REF_ID',
+              'DOC_URI', 'EXT_DOC_REF_CHKSUM'] + list(reserved.values())
 
     def t_text(self, t):
         r':\s*<text>'
@@ -114,6 +116,21 @@ def t_CHKSUM(self, t):
         t.value = t.value[1:].strip()
         return t
 
+    def t_DOC_REF_ID(self, t):
+        r':\s*DocumentRef-([A-Za-z0-9\+\.\-]+)'
+        t.value = t.value[1:].strip()
+        return t
+
+    def t_DOC_URI(self, t):
+        r'\s*((ht|f)tps?:\/\/\S*)'
+        t.value = t.value.strip()
+        return t
+
+    def t_EXT_DOC_REF_CHKSUM(self, t):
+        r'\s*SHA1:\s*[a-f0-9]{40,40}'
+        t.value = t.value[1:].strip()
+        return t
+
     def t_TOOL_VALUE(self, t):
         r':\s*Tool:.+'
         t.value = t.value[1:].strip()
 
@@ -40,6 +40,7 @@
     'LL_VALUE': 'Invalid licenseListVersion \'{0}\' must be of the format N.N where N is a number',
     'CREATED_VALUE': 'Invalid created value \'{0}\' must be date in ISO 8601 format.',
     'CREATOR_VALUE': 'Invalid creator value \'{0}\' must be Organization, Tool or Person.',
+    'EXT_DOC_REF_VALUE': 'Failed to extract {0} from ExternalDocumentRef.',
     'PKG_SUPPL_VALUE': 'Invalid package supplier value \'{0}\' must be Organization, Person or NOASSERTION.',
     'PKG_ORIGINATOR_VALUE': 'Invalid package supplier value \'{0}\'  must be Organization, Person or NOASSERTION.',
     'PKG_DOWN_LOC': 'Invalid package download location value \'{0}\'  must be a url or NONE or NOASSERTION',
@@ -746,6 +747,9 @@ def parse(self, fil):
         for s, _p, o in self.graph.triples((None, RDF.type, self.spdx_namespace['SpdxDocument'])):
             self.parse_doc_fields(s)
 
+        for s, _p, o in self.graph.triples((None, RDF.type, self.spdx_namespace['ExternalDocumentRef'])):
+            self.parse_ext_doc_ref(s)
+
         for s, _p, o in self.graph.triples((None, RDF.type, self.spdx_namespace['CreationInfo'])):
             self.parse_creation_info(s)
 
@@ -846,3 +850,37 @@ def parse_doc_fields(self, doc_term):
             except CardinalityError:
                 self.more_than_one_error('Document comment')
                 break
+
+    def parse_ext_doc_ref(self, ext_doc_ref_term):
+        """
+        Parses the External Document ID, SPDX Document URI and Checksum.
+        """
+        for _s, _p, o in self.graph.triples(
+                (ext_doc_ref_term,
+                 self.spdx_namespace['externalDocumentId'],
+                 None)):
+            try:
+                self.builder.set_ext_doc_id(self.doc, six.text_type(o))
+            except SPDXValueError:
+                self.value_error('EXT_DOC_REF_VALUE', 'External Document ID')
+                break
+
+        for _s, _p, o in self.graph.triples(
+                (ext_doc_ref_term,
+                 self.spdx_namespace['spdxDocument'],
+                 None)):
+            try:
+                self.builder.set_spdx_doc_uri(self.doc, six.text_type(o))
+            except SPDXValueError:
+                self.value_error('EXT_DOC_REF_VALUE', 'SPDX Document URI')
+                break
+
+        for _s, _p, checksum in self.graph.triples(
+                (ext_doc_ref_term, self.spdx_namespace['checksum'], None)):
+            for _, _, value in self.graph.triples(
+                    (checksum, self.spdx_namespace['checksumValue'], None)):
+                try:
+                    self.builder.set_chksum(self.doc, six.text_type(value))
+                except SPDXValueError:
+                    self.value_error('EXT_DOC_REF_VALUE', 'Checksum')
+                    break
@@ -135,6 +135,20 @@ def reset_document(self):
         self.doc_spdx_id_set = False
 
 
+class ExternalDocumentRefBuilder(tagvaluebuilders.ExternalDocumentRefBuilder):
+
+    def set_chksum(self, doc, chk_sum):
+        """
+        Sets the external document reference's check sum, if not already set.
+        chk_sum - The checksum value in the form of a string.
+        """
+        if chk_sum:
+            doc.ext_document_references[-1].check_sum = checksum.Algorithm(
+                'SHA1', chk_sum)
+        else:
+            raise SPDXValueError('ExternalDocumentRef::Checksum')
+
+
 class EntityBuilder(tagvaluebuilders.EntityBuilder):
 
     def __init__(self):
@@ -370,7 +384,8 @@ def add_review_comment(self, doc, comment):
             raise OrderError('ReviewComment')
 
 
-class Builder(DocBuilder, EntityBuilder, CreationInfoBuilder, PackageBuilder, FileBuilder, ReviewBuilder):
+class Builder(DocBuilder, EntityBuilder, CreationInfoBuilder, PackageBuilder,
+              FileBuilder, ReviewBuilder, ExternalDocumentRefBuilder):
 
     def __init__(self):
         super(Builder, self).__init__()
 
@@ -41,6 +41,8 @@
     'DOC_VERSION_VALUE_TYPE': 'Invalid SPDXVersion value, must be SPDX-M.N where M and N are numbers. Line: {0}',
     'DOC_NAME_VALUE': 'DocumentName must be single line of text, line: {0}',
     'DOC_SPDX_ID_VALUE': 'Invalid SPDXID value, SPDXID must be SPDXRef-DOCUMENT, line: {0}',
+    'EXT_DOC_REF_VALUE': 'ExternalDocumentRef must contain External Document ID, SPDX Document URI and Checksum'
+                         'in the standard format, line:{0}.',
     'DOC_COMMENT_VALUE_TYPE': 'DocumentComment value must be free form text between <text></text> tags, line:{0}',
     'DOC_NAMESPACE_VALUE': 'Invalid DocumentNamespace value {0}, must contain a scheme (e.g. "https:") '
                            'and should not contain the "#" delimiter, line:{1}',
@@ -114,6 +116,7 @@ def p_attrib(self, p):
                   | data_lics
                   | doc_name
                   | doc_spdx_id
+                  | ext_doc_ref
                   | doc_comment
                   | doc_namespace
                   | creator
@@ -1164,6 +1167,30 @@ def p_doc_spdx_id_2(self, p):
         """doc_spdx_id : DOC_SPDX_ID error"""
         self.error = True
         msg = ERROR_MESSAGES['DOC_SPDX_ID_VALUE'].format(p.lineno(1))
+
+    def p_ext_doc_refs_1(self, p):
+        """ext_doc_ref : EXT_DOC_REF DOC_REF_ID DOC_URI EXT_DOC_REF_CHKSUM"""
+        try:
+            if six.PY2:
+                doc_ref_id = p[2].decode(encoding='utf-8')
+                doc_uri = p[3].decode(encoding='utf-8')
+                ext_doc_chksum = p[4].decode(encoding='utf-8')
+            else:
+                doc_ref_id = p[2]
+                doc_uri = p[3]
+                ext_doc_chksum = p[4]
+
+            self.builder.add_ext_doc_refs(self.document, doc_ref_id, doc_uri,
+                                          ext_doc_chksum)
+        except SPDXValueError:
+            self.error = True
+            msg = ERROR_MESSAGES['EXT_DOC_REF_VALUE'].format(p.lineno(2))
+            self.logger.log(msg)
+
+    def p_ext_doc_refs_2(self, p):
+        """ext_doc_ref : EXT_DOC_REF error"""
+        self.error = True
+        msg = ERROR_MESSAGES['EXT_DOC_REF_VALUE'].format(p.lineno(1))
         self.logger.log(msg)
 
     def p_spdx_version_1(self, p):