notaryproject · Mar 25, 2025 · Mar 25, 2025 · Mar 25, 2025
@@ -56,7 +56,7 @@ Example - Add a certificate to the "tsa" type of a named store "timestamp":
 			return addCerts(opts)
 		},
 	}
-	command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority")
+	command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority, tsa")
 	command.Flags().StringVarP(&opts.namedStore, "store", "s", "", "specify named store")
 	command.MarkFlagRequired("type")
 	command.MarkFlagRequired("store")

@@ -67,7 +67,7 @@ Example - Delete certificate "wabbit-networks-timestamp.pem" with "tsa" type fro
 			return deleteCerts(opts)
 		},
 	}
-	command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority")
+	command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority, tsa")
 	command.Flags().StringVarP(&opts.namedStore, "store", "s", "", "specify named store")
 	command.Flags().BoolVarP(&opts.all, "all", "a", false, "delete all certificates in the named store")
 	command.Flags().BoolVarP(&opts.confirmed, "yes", "y", false, "do not prompt for confirmation")

@@ -65,7 +65,7 @@ Example - List all certificate files from trust store of type "tsa"
 		},
 	}
 	opts.LoggingFlagOpts.ApplyFlags(command.Flags())
-	command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority")
+	command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority, tsa")
 	command.Flags().StringVarP(&opts.namedStore, "store", "s", "", "specify named store")
 	return command
 }

@@ -66,7 +66,7 @@ Example - Show details of certificate "wabbit-networks-timestamp.pem" with type
 		},
 	}
 	opts.LoggingFlagOpts.ApplyFlags(command.Flags())
-	command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority")
+	command.Flags().StringVarP(&opts.storeType, "type", "t", "", "specify trust store type, options: ca, signingAuthority, tsa")
 	command.Flags().StringVarP(&opts.namedStore, "store", "s", "", "specify named store")
 	command.MarkFlagRequired("type")
 	command.MarkFlagRequired("store")

@@ -4,10 +4,11 @@
 
 Use ```notation certificate``` command to add/list/delete certificates in notation's trust store. Updating an existing certificate is not allowed since the thumbprint will be inconsistent, which results in a new certificate.
 
-The trust store is in the format of a directory in the filesystem as`x509/<type>/<name>/*.crt|*.cer|*.pem`. Currently two types of trust store are supported:
+The trust store is in the format of a directory in the filesystem as`x509/<type>/<name>/*.crt|*.cer|*.pem`. Currently three types of trust store are supported:
 
-* `Certificate Authority`: The directory name is `ca`.
+* `Certificate Authority`: The directory name is `ca`
 * `Signing Authority`: The directory name is `signingAuthority`
+* `Timestamping Authority`: The directory name is `tsa`
 
 There could be more trust store types introduced in the future.
 
@@ -26,9 +27,13 @@ $XDG_CONFIG_HOME/notation/truststore
         /signingAuthority
             /wabbit-networks
                 cert3.crt
+
+        /tsa
+            /trusted-tsa
+                tsa.crt
 ```
 
-In this example, there are two certificates stored in trust store named `acme-rockets` of type `ca`. There is one certificate stored in trust store named `wabbit-networks` of type `signingAuthority`.
+In this example, there are two certificates stored in trust store named `acme-rockets` of type `ca`. There is one certificate stored in trust store named `wabbit-networks` of type `signingAuthority`. And there is one certificate stored in trust store named `trusted-tsa` of type `tsa`.
 
 ## Outline
 
@@ -66,7 +71,7 @@ Usage:
 Flags:
   -h, --help           help for add
   -s, --store string   specify named store
-  -t, --type string    specify trust store type, options: ca, signingAuthority
+  -t, --type string    specify trust store type, options: ca, signingAuthority, tsa
 ```
 
 ### notation certificate list
@@ -84,7 +89,7 @@ Flags:
   -d, --debug          debug mode
   -h, --help           help for list
   -s, --store string   specify named store
-  -t, --type string    specify trust store type, options: ca, signingAuthority
+  -t, --type string    specify trust store type, options: ca, signingAuthority, tsa
   -v, --verbose        verbose mode
 ```
 
@@ -100,7 +105,7 @@ Flags:
   -d, --debug          debug mode
   -h, --help           help for show
   -s, --store string   specify named store
-  -t, --type string    specify trust store type, options: ca, signingAuthority
+  -t, --type string    specify trust store type, options: ca, signingAuthority, tsa
   -v, --verbose        verbose mode
 ```
 
@@ -116,7 +121,7 @@ Flags:
   -a, --all            delete all certificates in the named store
   -h, --help           help for delete
   -s, --store string   specify named store
-  -t, --type string    specify trust store type, options: ca, signingAuthority
+  -t, --type string    specify trust store type, options: ca, signingAuthority, tsa
   -y, --yes            do not prompt for confirmation
 ```
 
@@ -169,11 +174,12 @@ Upon successful listing, all the certificate files in the trust store are printe
 
 An example of the output:
 ```
-STORE TYPE         STORE NAME   CERTIFICATE   
-ca                 myStore1     cert1.pem    
-ca                 myStore2     cert2.crt       
-signingAuthority   myStore1     cert3.crt    
+STORE TYPE         STORE NAME   CERTIFICATE
+ca                 myStore1     cert1.pem
+ca                 myStore2     cert2.crt
+signingAuthority   myStore1     cert3.crt
 signingAuthority   myStore2     cert4.pem
+tsa                myTSA        tsa.crt
 ```
 ### List all certificate files of a certain named store
 
@@ -233,7 +239,7 @@ notation certificate delete --type <type> --store <name> <cert_fileName>
 A prompt is displayed, asking the user to confirm the deletion. Upon successful deletion, the specific certificate is deleted from the trust store named `<name>` of type `<type>`. The output message is printed out as following:
 
 ```text
-Successfully deleted <cert_fileName> from the trust store. 
+Successfully deleted <cert_fileName> from the trust store.
 ```
 
 If users execute the deletion without specifying required flags using `notation cert delete <cert_fileName>`, the deletion fails and the error output message is printed out as follows:
@@ -258,13 +264,13 @@ Use the following command to clean up a test RSA key and its corresponding certi
 notation certificate cleanup-test "wabbit-networks.io"
 ```
 
-A prompt will be displayed, asking the user to confirm the cleanup. 
+A prompt will be displayed, asking the user to confirm the cleanup.
 
 ```text
-The test key <name> and its corresponding certificate will be cleaned up with the following changes: 
-- Delete certificate <name>.crt from store <name> (type ca). 
-- Remove key <name> from the key list. 
-- Delete key file: {NOTATION_CONFIG}/localkeys/<name>.key. 
+The test key <name> and its corresponding certificate will be cleaned up with the following changes:
+- Delete certificate <name>.crt from store <name> (type ca).
+- Remove key <name> from the key list.
+- Delete key file: {NOTATION_CONFIG}/localkeys/<name>.key.
 - Delete certificate file: {NOTATION_CONFIG}/localkeys/<name>.crt.
 
 Are you sure you want to continue? [y/N]