Automatic pull of documentation from Wiki.

svn path=/trunk/; revision=6337

2 files changed, 174 insertions, 0 deletions

diff --git a/doc/doc.RPKI.Utils b/doc/doc.RPKI.Utils
index e69de29b..ce36dcbd 100644
--- a/doc/doc.RPKI.Utils
+++ b/doc/doc.RPKI.Utils
@@ -0,0 +1,174 @@
+****** RPKI utility programs ******
+
+The distribution contains a few small utility programs. Most of these are
+nominally relying party tools, but work at a low enough level that they may
+also be useful in diagnosing CA problems.
+
+Unless otherwise specified, all of these tools expect RPKI objects
+(certificates, CRLs, CMS signed objects) to be in DER format.
+
+Several of these tools accept an rcynic_directory argument. Which directory to
+specify here depends on what you're trying to do, but if you're just trying to
+look at authenticated data in your RP cache, and assuming you've installed
+everything in the default locations, the directory you want is probably /var/
+rcynic/data/authenticated.
+
+***** uri *****
+
+uri is a utility program to extract URIs from the SIA, AIA, and CRLDP
+extensions of one or more X.509v3 certificates, either specified directly or as
+CMS objects containing X.509v3 certificates within the CMS wrapper.
+
+Usage:
+
+  $ uri [-h | --help] [-s | --single-line] cert [cert...]
+
+  -h --help
+      Show help
+
+  -s --single-line
+      Single output line per input file
+
+  cert
+      Object(s) to examine
+
+***** hashdir *****
+
+hashdir copies an authenticated result tree from an rcynic run into the format
+expected by most OpenSSL-based programs: a collection of "PEM" format files
+with names in the form that OpenSSL's -CApath lookup routines expect. This can
+be useful for validating RPKI objects which are not distributed as part of the
+repository system.
+
+Usage:
+
+  $ hashdir [-h | --help] [-v | --verbose] rcynic_directory output_directory
+
+  -h --help
+      Show help
+
+  -v --verbose
+      Whistle while you work
+
+  rcynic_directory
+      rcynic authenticated output tree
+
+  output_directory
+      Output directory to create
+
+***** print_rpki_manifest *****
+
+print_rpki_manifest pretty-prints the content of a manifest. It does NOT
+attempt to verify the signature.
+
+Usage:
+
+  $ print_rpki_manifest [-h | --help] [-c | --cms] manifest [manifest...]
+
+  -h --help
+      Show help
+
+  -c --cms
+      Print text representation of entire CMS blob
+
+  manifest
+      Manifest(s) to print
+
+***** print_roa *****
+
+print_roa pretty-prints the content of a ROA. It does NOT attempt to verify the
+signature.
+
+Usage:
+
+  $ print_roa [-h | --help] [-b | --brief] [-c | --cms] [-s | --signing-time]
+  ROA [ROA...]
+
+  -h --help
+      Show help
+
+  -b --brief
+      Brief mode (only show ASN and prefix)
+
+  -c --cms
+      Print text representation of entire CMS blob
+
+  -s --signing-time
+      Show CMS signingTime
+
+  ROA
+      ROA object(s) to print
+
+***** find_roa *****
+
+find_roa searches the authenticated result tree from an rcynic run for ROAs
+matching specified prefixes.
+
+Usage:
+
+  $ find_roa [-h | --help] [-a | --all]
+             [-m | --match-maxlength ] [-f | --show-filenames]
+             [-i | --show-inception]   [-e | --show-expiration]
+             authtree [prefix...]
+
+  -h --help
+      Show help
+
+  -a --all
+      Show all ROAs, do no prefix matching at all
+
+  -e --show-expiration
+      Show ROA chain expiration dates
+
+  -f --show-filenames
+      Show filenames instead of URIs
+
+  -i --show-inception
+      Show inception dates
+
+  -m -match-maxlength
+      Pay attention to maxLength values
+
+  authtree
+      rcynic authenticated output tree
+
+  prefix
+      ROA prefix(es) to on which to match
+
+***** scan_roas *****
+
+scan_roas searchs the authenticated result tree from an rcynic run for ROAs,
+and prints out the signing time, ASN, and prefixes for each ROA, one ROA per
+line.
+
+Other programs such as the rpki-rtr client use scan_roas to extract the
+validated ROA payload after an rcynic validation run.
+
+Usage:
+
+  $ scan_roas [-h | --help] rcynic_directory [rcynic_directory...]
+
+  -h --help
+      Show help
+
+  rcynic_directory
+      rcynic authenticated output tree
+
+***** scan_routercerts *****
+
+scan_routercerts searchs the authenticated result tree from an rcynic run for
+BGPSEC router certificates, and prints out data of interest to the rpki-rtr
+code.
+
+Other programs such as the rpki-rtr client use scan_routercerts to extract the
+validated ROA payload after an rcynic validation run.
+
+Usage:
+
+  $ scan_routercerts [-h | --help] rcynic_directory [rcynic_directory...]
+
+  -h --help
+      Show help
+
+  rcynic_directory
+      rcynic authenticated output tree
diff --git a/doc/manual.pdf b/doc/manual.pdf
index bdd20a10..aa737cde 100644
--- a/doc/manual.pdf
+++ b/doc/manual.pdf