trust: Implement a 'trust dump' command

This dumps all the PKCS#11 objects in the internal .p11-kit
persistence format.

This is part of the trust command and tooling, even though
at some point it could go in the p11-kit command. The reason
for this is that the code related to the internal .p11-kit
objects is in the trust code, and consumed solely by the
trust related modules.

1 files changed, 39 insertions, 0 deletions

diff --git a/doc/manual/trust.xml b/doc/manual/trust.xml
index 05f2726..f6f2b3e 100644
--- a/doc/manual/trust.xml
+++ b/doc/manual/trust.xml
@@ -39,6 +39,9 @@
 	<cmdsynopsis>
 		<command>trust anchor</command> /path/to/certificate.crt
 	</cmdsynopsis>
+	<cmdsynopsis>
+		<command>trust dump</command>
+	</cmdsynopsis>
 </refsynopsisdiv>
 
 <refsect1 id="trust-description">
@@ -347,6 +350,42 @@ $ trust extract-compat
 
 </refsect1>
 
+<refsect1 id="trust-dump">
+	<title>Dump</title>
+
+	<para>Dump PKCS#11 items in the various tokens.</para>
+
+<programlisting>
+$ trust dump
+</programlisting>
+
+	<para>Dump information about the various PKCS#11 items in the tokens.
+	Each item is dumped with it's PKCS#11 URI and information in the .p11-kit
+	persistence format.</para>
+
+	<para>You can specify the following options to control what to dump.</para>
+
+	<varlistentry>
+		<term><option>--filter=&lt;what&gt;</option></term>
+		<listitem>
+		<para>Specifies what certificates to extract. You can specify the following values:
+		<variablelist>
+			<varlistentry>
+				<term><option>all</option></term>
+				<listitem><para>All objects. This is the default</para></listitem>
+			</varlistentry>
+			<varlistentry>
+				<term><option>pkcs11:object=xx</option></term>
+				<listitem><para>A PKCS#11 URI to filter with</para></listitem>
+			</varlistentry>
+		</variablelist>
+		</para>
+		</listitem>
+	</varlistentry>
+
+</refsect1>
+
+
 <refsect1 id="trust-bugs">
   <title>Bugs</title>
   <para>