5 files changed, 57 insertions, 9 deletions

diff --git a/doc/doc.RPKI.CA.UI.GUI b/doc/doc.RPKI.CA.UI.GUI
index 5949c589..8346b7c2 100644
--- a/doc/doc.RPKI.CA.UI.GUI
+++ b/doc/doc.RPKI.CA.UI.GUI
@@ -1,3 +1,33 @@
 ****** RPKI CA Engine GUI Interface ******
 
-Documentation not written yet.
+****** GUI Examples ******
+
+***** Logging in to the GUI *****
+
+ 01-login.jpg
+
+***** The Dashboard - Let's Make a ROA *****
+
+ 02-dashboard.jpg
+
+***** ROA List Currently Empty, So Let's Create One *****
+
+ 03-roas.jpg
+
+***** Choose an AS and Prefix - Let MaxLen? Default *****
+
+ 04-create-roa.jpg
+
+***** What Will the Consequences Be? - Confirm OK *****
+
+ 05-are-you-sure.jpg
+
+***** Now We Can See ROAs - Let's Look at Routes *****
+
+      06-roa-list.jpg
+
+***** Real Effect on Routing Table *****
+
+ 07-route view.jpg
+
+***** Ghostbusters etc. are Similar *****
diff --git a/doc/doc.RPKI.RP.rpki-rtr b/doc/doc.RPKI.RP.rpki-rtr
index 6af26a88..810c3bdd 100644
--- a/doc/doc.RPKI.RP.rpki-rtr
+++ b/doc/doc.RPKI.RP.rpki-rtr
@@ -155,7 +155,11 @@ rtr-origin has two other modes which might be useful for debugging:
 
   1. --client mode implements a dumb client program for this protocol, over
      ssh, raw TCP, or by invoking --server mode directly in a subprocess. The
-     output is not expected to be useful except for debugging.
+     output is not expected to be useful except for debugging. Either run it
+     locally where you run the cron job, or run it anywhere on the net, as in
+
+       $ rtr-origin --client tcp <hostname> <port>
+
   2. --show mode will display a text dump of pre-digested data files in the
      current directory.
 
diff --git a/doc/manual.pdf b/doc/manual.pdf
index 4d26ee83..1e5a4a59 100644
--- a/doc/manual.pdf
+++ b/doc/manual.pdf
diff --git a/rcynic/rcynic-html.py b/rcynic/rcynic-html.py
index c165d652..d86c84f3 100644
--- a/rcynic/rcynic-html.py
+++ b/rcynic/rcynic-html.py
@@ -137,7 +137,7 @@ class Validation_Status(object):
     self.uri = elt.text.strip()
     self.timestamp = elt.get("timestamp")
     self.generation = elt.get("generation")
-    self.hostname = urlparse.urlparse(self.uri).hostname or None
+    self.hostname = urlparse.urlparse(self.uri).hostname or "[None]"
     self.fn2 = os.path.splitext(self.uri)[1] or None if self.generation else None
     self.label = label_map[elt.get("status")]
 
diff --git a/rpkid/portal-gui/scripts/rpkigui-rcynic.py b/rpkid/portal-gui/scripts/rpkigui-rcynic.py
index 832a247c..7735df7d 100644
--- a/rpkid/portal-gui/scripts/rpkigui-rcynic.py
+++ b/rpkid/portal-gui/scripts/rpkigui-rcynic.py
@@ -26,7 +26,6 @@ from cStringIO import StringIO
 
 from django.db import transaction
 import django.db.models
-from django.core.exceptions import ObjectDoesNotExist
 from django.core.mail import send_mail
 
 import rpki
@@ -88,8 +87,8 @@ def rcynic_roa(roa, obj):
 
         for pfx in pfxset:
             attrs = {'prefix_min': pfx.min(),
-                        'prefix_max': pfx.max(),
-                        'max_length': pfx.max_prefixlen}
+                     'prefix_max': pfx.max(),
+                     'max_length': pfx.max_prefixlen}
             q = roa_cls.objects.filter(**attrs)
             if not q:
                 prefix_obj.create(**attrs)
@@ -191,11 +190,26 @@ def process_cache(root, xml_file):
                     assert(isinstance(inst, models.Cert))
                     inst.issuer = inst
                 else:
-                    try:
-                        inst.issuer = models.Cert.objects.get(keyid=obj.aki, name=obj.issuer)
-                    except ObjectDoesNotExist:
+                    # if an object has moved in the repository, the entry for
+                    # the old location will still be in the database, but
+                    # without any object_accepted in its validtion status
+                    qs = models.Cert.objects.filter(
+                        keyid=obj.aki,
+                        name=obj.issuer,
+                        repo__statuses=object_accepted
+                    )
+                    ncerts = len(qs)
+                    if ncerts == 0:
                         logger.warning('unable to find signing cert with ski=%s (%s)' % (obj.aki, obj.issuer))
                         continue
+                    else:
+                        if ncerts > 1:
+                            # multiple matching certs, all of which are valid
+                            logger.warning('Found multiple certs matching ski=%s sn=%s' % (obj.aki, obj.issuer))
+                            for c in qs:
+                                logger.warning(c.repo.uri)
+                        # just use the first match
+                        inst.issuer = qs[0]
 
                 try:
                     # do object-specific tasks