Misleading error message when no certificates were stored in the trust store #701

@yizha1

What are the areas you experience the issue in?

Notation CLI

What is not working as expected?

When running the notation verify command with no certificates stored in the trust store, the error message is too general and misleading.

$ notation verify $IMAGE
Error: signature verification failed for all the signatures associated with localhost:5001/net-monitor@sha256:8456f085dd609fd12cdebc5f80b6f33f25f670a7a9a03c8fa750b8aee0c4d657

With the -v flag, we can find more information and understand the root cause.

$ notation verify $IMAGE -v
INFO Checking whether signature verification should be skipped or not
INFO Trust policy configuration: &{Name:policy-1 RegistryScopes:[localhost:5001/net-monitor] SignatureVerification:{VerificationLevel:strict Override:map[]} TrustStores:[ca:6.4.io] TrustedIdentities:[*]}
INFO Check over. Trust policy is not configured to skip signature verification
INFO Processing signature with manifest mediaType: application/vnd.oci.image.manifest.v1+json and digest: sha256:7aa4005f01c913531e1ac58176d2cc25ba9f5849ab07eb430dab2e1e04ddeff0
INFO Trust policy configuration: &{Name:policy-1 RegistryScopes:[localhost:5001/net-monitor] SignatureVerification:{VerificationLevel:strict Override:map[]} TrustStores:[ca:6.4.io] TrustedIdentities:[*]}
ERRO authenticity validation failed. Failure reason: error while loading the trust store, trust store "/home/yizha/.config/notation/truststore/x509/ca/6.4.io" has no x509 certificates
WARN Signature sha256:7aa4005f01c913531e1ac58176d2cc25ba9f5849ab07eb430dab2e1e04ddeff0 failed verification with error: error while loading the trust store, trust store "/home/yizha/.config/notation/truststore/x509/ca/6.4.io" has no x509 certificates
Error: signature verification failed for all the signatures associated with localhost:5001/net-monitor@sha256:8456f085dd609fd12cdebc5f80b6f33f25f670a7a9a03c8fa750b8aee0c4d657

What did you expect to happen?

If no certificates are stored in the trust store, the proposed message is as shown in the example below:

$ notation verify $image
Error: no x509 certificates were found in trust store with the name mystore of type ca

How can we reproduce it?

  1. Remove certificates from trust store
  2. Run command notation verify $image

Describe your environment

WSL2

What is the version of your Notation CLI or Notation Library?

Notation v1.0.0-rc.7

Labels: bug (Something isn't working)

Status: Done
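A pre-flight check for the condition reported above, as an added example that is not part of the issue or of Notation's code: it counts parseable certificates in a named trust store and returns the specific message the reporter proposes when there are none. The helper name `countCerts` and deriving the config root from `os.UserConfigDir` are assumptions; the directory layout is the one shown in the verbose log.

```go
package main

import (
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"os"
	"path/filepath"
)

// countCerts is a hypothetical helper (not Notation's code). It assumes the
// <root>/truststore/x509/<type>/<name> layout seen in the issue's log.
func countCerts(root, storeType, name string) (int, error) {
	dir := filepath.Join(root, "truststore", "x509", storeType, name)
	entries, err := os.ReadDir(dir)
	if err != nil {
		return 0, fmt.Errorf("trust store %s of type %s is not readable: %w", name, storeType, err)
	}
	n := 0
	for _, e := range entries {
		data, err := os.ReadFile(filepath.Join(dir, e.Name()))
		if err != nil {
			continue // subdirectories and unreadable files hold no usable certificate
		}
		found := 0
		for b, rest := pem.Decode(data); b != nil; b, rest = pem.Decode(rest) {
			if _, err := x509.ParseCertificate(b.Bytes); b.Type == "CERTIFICATE" && err == nil {
				found++
			}
		}
		if certs, err := x509.ParseCertificates(data); found == 0 && err == nil {
			found = len(certs) // file was raw DER rather than PEM
		}
		n += found
	}
	if n == 0 {
		return 0, fmt.Errorf("no x509 certificates were found in trust store with the name %s of type %s", name, storeType)
	}
	return n, nil
}

func main() {
	cfg, _ := os.UserConfigDir() // ~/.config on Linux, as in the log
	if _, err := countCerts(filepath.Join(cfg, "notation"), "ca", "6.4.io"); err != nil {
		fmt.Fprintln(os.Stderr, "Error:", err)
		os.Exit(1)
	}
}
```

Running this before `notation verify` in a pipeline separates an empty or missing trust store from a genuine signature failure.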