From e22f584a2f4460e7229af6d478246655cd1f5e77 Mon Sep 17 00:00:00 2001
From: Pavel Zilke <pavel.zilke@gmail.com>
Date: Wed, 25 Dec 2024 23:17:38 +0300
Subject: [PATCH] DEVOPS-1897 Docker refactoring

---
 .gitignore                                    |   1 -
 Dockerfile.micord                             |  17 +++++++---------
 ...fd8eb959d9489d5b7b4c143a06cad7952a0744.crl | Bin 11599 -> 0 bytes
 conf/cacerts/README                           |   1 +
 conf/cacerts/guc2022.crt                      | Bin 0 -> 1365 bytes
 .../test_ca_rtk3.crt}                         |   0
 conf/cacerts/ucfk_2023.crt                    | Bin 0 -> 2045 bytes
 conf/certs/README                             |   1 +
 conf/certs/esia_prod.cer                      | Bin 0 -> 2585 bytes
 .../esia_test.cer}                            | Bin
 entrypoint.sh                                 |  19 ++++++++++--------
 ervu-sign-module.service                      |   2 +-
 ...укция по обновлению с версии 1.1.0 до 1.2.0.txt |   2 +-
 13 files changed, 22 insertions(+), 21 deletions(-)
 delete mode 100644 conf/b0fd8eb959d9489d5b7b4c143a06cad7952a0744.crl
 create mode 100644 conf/cacerts/README
 create mode 100644 conf/cacerts/guc2022.crt
 rename conf/{test_ca_rtk3.cer => cacerts/test_ca_rtk3.crt} (100%)
 create mode 100644 conf/cacerts/ucfk_2023.crt
 create mode 100644 conf/certs/README
 create mode 100644 conf/certs/esia_prod.cer
 rename conf/{TESIA GOST 2012 new.cer => certs/esia_test.cer} (100%)

diff --git a/.gitignore b/.gitignore
index bc7f707..54be822 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,3 @@ CMakeFiles/
 CMakeLists.txt.user
 src/config.h
 src/version.h
-
diff --git a/Dockerfile.micord b/Dockerfile.micord
index 06ebcb9..21db8b2 100644
--- a/Dockerfile.micord
+++ b/Dockerfile.micord
@@ -51,18 +51,15 @@ COPY --from=builder /build/.build/ervu-sign-module /opt/ervu-sign-module/ervu-si
 
 EXPOSE 9009
 
-ARG ESIA_CA_CERT=test_ca_rtk3.cer
-COPY conf/${ESIA_CA_CERT} ${ESIA_CA_CERT} 
-RUN /opt/cprocsp/bin/amd64/certmgr -install -store mRoot -file "${ESIA_CA_CERT}"
+COPY --chown=ervu:ervu conf/cacerts /cacerts
+COPY --chown=ervu:ervu conf/certs /certs
+
+RUN echo "Installing CA certificates" \
+ && find /cacerts -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -store mCA -file {} \;
 
 USER ervu
 
-ARG ESIA_CERT="TESIA GOST 2012 new.cer"
-ARG ESIA_CA_CRL=b0fd8eb959d9489d5b7b4c143a06cad7952a0744.crl
-COPY --chown=ervu:ervu conf/${ESIA_CERT} ${ESIA_CERT} 
-COPY --chown=ervu:ervu conf/${ESIA_CA_CRL} ${ESIA_CA_CRL} 
-
-RUN /opt/cprocsp/bin/amd64/certmgr -install -file "${ESIA_CERT}" \
-  && /opt/cprocsp/bin/amd64/certmgr -install -store uCA -crl -file "${ESIA_CA_CRL}"
+RUN echo "Installing certificates" \
+ && find /certs -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -file {} \;
 
 ENTRYPOINT ["/entrypoint.sh"]
diff --git a/conf/b0fd8eb959d9489d5b7b4c143a06cad7952a0744.crl b/conf/b0fd8eb959d9489d5b7b4c143a06cad7952a0744.crl
deleted file mode 100644
index 51ebdaa21b4ddeab1a6ee2d3b67b368dd9142cf4..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 11599
zcmai)cUToi*T9FO0`{)4p|PUTnJssBt#r6>0gVNtv1{H$6MH2VKokT8RBR|x#jZOb
z3P>^b_Qu5+uwsiPMx(}FqTe$!H+jjj<a_w*a`$)7Idf)Cn}y+@`NQyTuWfB?pi^}R
zmnC*JY;5doVYp2gY784zujaDEZoGX1CrN@56ck>TQ8U<t{oAHNZ3H<<f)FXPWRg%#
z=vduuuzmH0wx171U0^5j!J(G3Bs*)VnyM9Q`6c0>X~|knNw}6%5~|^n#U-IyHtGo5
zlSgaRYW45Wg>8mm8_AQ7wZc|w1tp8MLM^vssg|o1YpQmzWVu#Y5~JlgYeiaqNodJp
zEt?1~(2Cf1TCP@D5~k&AMOu!twn|ItuBB;fw3P1J>h9ghlet=<R-_fvXVj87XRT0E
zHB42_(e{&1C2`%HwS8KVR^W_;ZqC|4E!S#`>a4~8Wr$O)R$8(auWfd2r=@5`C1K<l
z?Vy%JWf!zV9pI<L47*w_wKOe<eqW?zG2PR(OlK`cOVbjY*5(9+5Qjt&LNv_!kw-Ew
zKsXGByOcv{Ti-Tv{$h})?%eF^l>cG2R0zm(kb?+Hyuc~LU@hoW-EMHJ#`bnjHq|Jx
zN?rr<)feGzOYZLscyJ_x5)u>;&&dcG5s!NkqCrMbK>57#OvF(_K|B&fftQVlaeW9;
zvdZt&X!md3&TMDeLk>z%5=A2-@#7AVuhuE{ZX+ai=-=qurnNa9anJ;1ByoZf;n4XR
zIH+dsa$WLq*pOhyl~zJPBIHHRh}hjW1Qe)8vV%f9we}1P7)S|(Oo$T|-t<qxp03sN
z6NKor#cP2}<IyGg-~UbUP!J^}VwB7Gpg=v8?04bXHx_vetUz$cP=;;Md{CgeCb->b
z`zWJn_Kv>^PUMl!gG{TKvr(WxoxjWHi#dA+^k`RNB_za)vVL_LkvM51C{W{zJvM|d
z9{Q)(xr&6bjKVbupim9j;MVHh^rxXs3aHOzD3L8G>g-_qYQXDIa9G{G%u6~mupnnj
z9wj(vLZT=MIy)E<L5Z5{JRT%X8?vD6E!!msA%T}U!(Gy+@Gv;6PEh@wM~&aG#JQN+
z!Ep$QNbhrI`HI!gz!CL)YT)G4&u%a2vB*jY2tvf^_AVnX{F)9<s1Fl8lZrRaor1!w
zc5n!CCLaFN=gf{rH}b&=^<u82)O_N<=W~uxf*f6*7dailWL%kl5}Z(*<@)ygx=B~h
zS!PNo2tk>XjL+chvfsc7waw;$<zpg7as5)Pb|_Fr3ev3=lVN)^6`WK%Ww=j>aVTBe
zG=bTH6vT5P(rLx)ICX;%E%yaI4{Hd%b0sHAfHL_LEA0|S%)3R1X9t5i`L@4R|9uTg
zNKio>2leNJ5q0kp;!L3>W%%j`b(1uv6(=JBa-89*oj4>7oK%M<`Uw9yHZ(IO&T5AU
z6@fR73}<eagOlo~dEV#cYwn4^d}&=P8Sy;F>twLCN)oPvlj@uGenV#T+q)p+2D2P-
zP=UOjV0L`deHl2VI&b!=f4iyuJzs?qCdebm%lcTti060Kf>Uapt$}dbYlkV#Nu=fx
z;uNSLhzw&%{-fvMN7W`f;K;0_&2QYgLkSMbbbWcFo%r%>Bq&ikEp=Pqyu3^OQP0_0
zky9v&ykQhgbWR69s~-w2{t3^owaq=lWRO$N@z9W%C+`BK>iBhj`z(>qT|3mV$}mBR
z<BcsZqePE`{*wmXkGYoA(YjUwLOjPC+R?K&k&&M0X8ZL|V}{iWri6q{P~nkrRvXcW
z5MS-HG=Alh(z#wVB}fL51;`m@wa{7Fpj1s*=iy%M`#PuRPGokFQ_DeKccPdFGbzz2
z!gZ%huj^9rNJ1cpWMT#~v?J|pE+|$1SnbPyQGa*pqn=a-f(n!%C+eaPlaXSc3(C|7
zah8LJhotO*URJFXB#4S}6wUM_MEiVK<?Z}D6+|+ERRG54Jem^6R+@_%^)}rt>`Dm<
zaY%qXG}LN4e;<^o{k8^78<;b1^8E&k-~=RyqVZZKJ$(Sm)Y=DJ9rtg}R8po=LPiRd
zI1|#HL1uYBN(^7=njKv0%%>eplu(F9TooSN`1vhxN#%<?_njGkp^f+NjNl=ZM8$ZQ
zl-*hjuBy*e%k{^b%G^vW!U;$saaT0VQNLYD0#{YX13@9R7M^dPyPV1ppo}07q2Vsc
zK!?CJHDslE)Tpy(|M>4v>xoiGS|gQP#fpqYpL!Pw(JtO?ZkO&$^CsB+P4I{lbh(xh
z4p}onx%#-+$0;@H=O<ULQ?1y(sv;)N*!2S_SL;Rizj>PTX~@jWOa_Obf)ss@V*cp(
zcp<p1`mXl><9MBrq}sFsg(f6HiATmcYS^|Ea9tf4<MVZ~|FP{i-HBER(wa{(-id>>
z%iy|tBFx{%uHnnw6Ax26NJis1MPJD<t)_?k25zWQtk;lDSG_^WSxQI{L0RC8GtT{m
zhrk{6lY<_gxxD@5V(9{_<q|>yXB>B%_x=c;tLHNPcULP)E&hty0ZCmVa*Cjf)J!W&
z&yC=PTAJ=3u><+P?beNIWug&|=MAIJj9!Fjsk#nKp1khc)WMYCI0;Hf6b*@JO59sv
z3E0-x{*h2l37%7s!1KnL(@Y7kE#9s3-HPW`zd{I-YoH`>oS_|2A5MWcYNwc>X-!W%
zdADs&Wsn*`L89?)Kiy#_c&kp2bbm9s+C!f~_b5RkHR&iSo%43K^=;oBPXn9PflGbc
zUAo@-OyLpg52BSK3Zx<<UCrUW$H7}Qdzmk?xC9glYv`|vkkoll)SV&bfoMvc&vR|t
z(9<Kw{u4%!><X(`o%@tH8}C_X;`!gtPJT@Zh4d(#$vApsQsP#D*O|+o*V%YGl@O$k
zq#47|XGhg};GL@M@q&X&Y;fx&Dx=EvB&#!M?@sVheWF_Wx9Rrhx`bAgK%4*-p4NF}
zbq06e2mtQ9&C)Z*<Ew>zwpDmWhK6}4<k>a=@U>je;9U-n>Nfv|>46}Wc}_6Q@~0`0
z8xzpi<3`sz`|T?bRqW^z(;)ybO7?yZuZ+*@zlsouxD0V}<&J^anzLaku)(KuJo87a
z8M--RN(DO<l81<`?Gw%d8@wsa-)q;<=06Ev{q+pu_)2Gy#l|o1p941d&s82z-RGLr
z3-2gF@`%Dg<6Xad=22ja2QPO0`S&S`e?Qu-LWS&K!DL*YESmN!u*J($y|xrOcx_qc
zXVuCC<;r~s+n;MYmjgR|D9&T|qnZWfBj-?}%AG(gZ`_R#mK@*vxcmKHNgF7^B817f
zq8Zth5bw9U_UQ65^5(k<lrV8Jl(<U$Ez_z~cS6WJT)Wg-vn(8ll#s|7;E{19;6#bq
z+XA9&-@24;DkTJh2tkv;8E1tXpAi}11%3~&4th5G70tPS5yrK{AxMZ9EBu~qdD_qZ
z!A7c;%<+&`@c+!9%#OpOuYwx*NnX&d?9?${gFOF#t?<Qbpa$-SJ^at_zI{{MQ;{&%
zYWd*TpaveX&s?qk>E&&Qkvt;&yH<${B7p<mztm^r$639dK4G!Z+9Md(a_*MXz!Cf9
zd;8yBd%2|3Qz}Csb(SC*pX{)1t3ho%JR;!LyS^z=)*6U|B9ukRxOUjScP*%mr{o6!
zuj)SQlP*yigixTOKd0<Op#>_agKMsIJL5IIN5=u<DPe*Vf{-)rh-*^9qsU`=pY~5~
z+<(c|3UOq1ps#_L2a}^OfVz0jZgauTS4Vm~?_^pbp7fsjSpd`O&AIKMF&<wW&_!N+
zc;Sz%*O55{C4q;AyJWPu7c|D+1(sIBga5cGuuf7&CIki1IIDdA`3}$?f1Txp_KXbP
zR}?|D;*mn4vGFe1&@U8p#H-T-M!j@0A6mpZNuEptL|!k0*-`J+Z=egl73m7Uh;G_!
z^C>DrK?;;b1sc|*ODS;-`-S#w=g_u1oe~lx^*b{5$DX4hpet5$1O2;hSe$&<iP-_E
z<$8ZGt!$>mgRXedUau~D2Bi4K4fqFPSd*^KISsnu#T(4<z1O5xJy>7Ja|l79()57I
zsM$UgAUu7&xzE6dAF4Sf6B!7Su1ye)J?Jyy3gB^#Q2*EcA|prDeZ#auBAF^0XW%ay
zl>;6pX9XVZe{RS7N9(PG3?)I<*I7)f=phk6z%!Pb>kZoD@!{wDf5|`)iu(SR5d%iY
z0s-%fFuyGCoRKh`&ap_<K_(~quA33>920?nFXVfTbBWn)mobaV5IIuC3dZ}2YY_uv
zd}?=q<!G?I*ptjI1yT_~nO6kEK4c;#+UI$TVdK7V*huroU-{U$;vZGx2$1plc(;v(
zuWlx9XK|N!kP|9RRGA&lPf~$`<Cpus?At7A?v_v4T9GpdX)RZ=*J0=Uo1;ZQ!7fpr
zeJ^%&4t>eG3c5>pNk7M8#LV{>fP$A5c({%%`ffQt&ME_vSfa1^nO3ePdq7Y8F~%}e
z$+>&pr-%|VBqvG~4eO(i5oMq!-k0M)`$^wF{Wq~%kZ2{6+2TJl4wG?VVl3!|S7iA8
zuzbe0*lDaI=1D`vRWb7mzmfua;of<k?e85LJo$T8$&ld$5={CN#Vo(*cNX-*FZO%X
zTz+-Q$U2q^J{OFAK79Wj&<o$eZY^hcjC~$EmJ&n;<Q3zcm=|;p^um0c`M|wecWxd(
zV3i?5Ni-REV1H0Ti1U%o{Vv}g{v#z!h;<f*wWNQ4BBMiA;Iua%P$Q?Ml#md~QHpUz
z)_@X;+b!;w<Fd?loe4pzRnp}NhOvEHY$E83?-ltp9R4OCxwlMZ$mB+Yt7JJ_U1(kd
z+;H!mzNHu^A3rva5lA4RT0a?PM3yfhdKS9%JT%|-LBZaNgg)0Yq5=K^xZz)7Ew+A+
z9jn!0{S=V_MNaPzMvQy-12E&5M9=>$T{E}g@Z(g507cRQ=x0o9C&mXH24=h}!Yju=
zZ_9C8Hm_y`($|TMSb9kVX8e1+>*?FUk3R|OO=Qr>Kq9Z<`A9q;2?DTNxYzS)GbW9G
zOl}+mD3bA|sPMW@lF4`x6AJ=y#8wZFt25iy$m&E16C_cT*LPQpc-npi7>Jvz0TX>=
zW9x6G-4zs&iPV<HIm#m?4h+II6a3Temi`KTT$xt1OGL&y(IJ%(&qFOWPklRoOK>11
zSiQ>`-(+R=ivfdi>E^(`2lt%hMzShHB;5oQMZ?{`mJ-cZ`edxiJ-KepWGX{}A~bP|
z@zi!IB`)srDzFSKtQGPLArRy^C=o&bj6Q6aJf;L*5|mi{tZtWAEGE)@#q)Z9FrxmD
zG%y&C$o0!;Ho>vH4m-8hxruR=(f4Z%g7Mt~znbsf6@is3s|h3?3YG3bm<Okg*$;-}
zPY$>*+;+la_7yg@6*vJ(oT%T4Osk)cjt3*~heFrVaYt>&^<h&&rd1V{%=+eqU;?hY
z*wUrdl^02$ZDl@30#w9Gr<Q3oY1vLN5eH{`l&{{hvg7d}O2~-xgUC1!zE_WdDfoS;
zZ<}vlT^_{MtSCd@4>B3aeKNpQTz{LT<%nNUQP|81gsji!jKJqJz#Lqb@0k<aYhvWX
z#*{FT4w5tJ3AR=~cK-!)@TMJJ!Jm$eE>29Ngo4N}LB@9!TY6psbMVA0&&=)B%DUF*
z_x}@7+V5a44q4(c@o;a4lXpKdJ2)OnoWSd9QF}JcksgEA*l9(e>$Uphx5?}tgyT3Q
z@N~{g`usYdlV@%n2&fbNsOD?$QS?{YGdzjrq}x5Q{xO(~6O+sV-dU&HB(|v_S*jfO
z$ghq${sgqf4e~9o7OsDDuxxjQUzLz`dXO^aDVU2B3d|1=FJI{9&MIY+(*<79-yJb~
zdYb<Lt?{BrznH^wpHIJ5!5%>(_qRmyqH^+#N1@M(%=`D-*pB$0WI-agsl=X$4d=l;
zJavit-V0Lnq~@#-VBX^N(Tw@GNy&V$5J%^ldu=^4WY*TdCs^dJ*|_fX+_n-d#8QH1
z8_y+6`G&DX4;n2+Q84b_ea94oh1etB?Zv$K%jv_;Q_U4R$5#Zy$^WmWqhJyKE!V4K
zX<<r}$NMW1#uM{eHRppc9DKm{NW+<XZ{2Q236UpnBvdhPT^$$(!tkBQ!05+c`ZZb7
zixRX?7NEYWXQyX@b2wOq!5VY-?(I4|d9kw~k@^71`V7X197>#s@_pi|{xD`T%l6jO
zW87H>v?DSy*9Kf&>peCk@UIg}ZUw8TJDVt{K?44w$YZ|w;CDx+<}*7eA?YhTrd4B^
z5ILD{rU@ehUFHp;#J_4aujo2R!2U^Y15E>e@jvKG336);c~nIPTX7Yv#n-cZ4mh4X
zD}}zGgf;SWx=xPm#OPQ;lw|wX=`U;_I&~5u$lWyJNkTTtNB!do(PC?Wx82)T>swmy
z>v)p6tLV#8*An7Qs&~^C!5jF2HdF?r6LZ-(A8pt`h~Y_IqnBqFx0=j$qSX$)&zT)h
zC*A>TvEvGFuhuI&oVmaz9oG9H<EdwKaym%FDQaNkmHPIjTc6RjvU*TouQ3n4-!>U+
z#MuWd<KB<Tb9W)rY*ML`y;$k4nQ7Jgrww2u_RBF}F1Doa_hwU1nd1;AaK=@AR5>BO
z+wLoLo!<G31M9M^Rg3W%bQ%0JNW<~_y#s!mQT@{RL(~q5%o{~sZ#lCgYQTMvj{9s6
zEP3+6@u$EtO8jef`S!&ukbzGwbzjrrd;5<b><&sHH=%-H+{xJmT?Jcl`xQaUJN@D+
ztf8xmAeqsN$k^v;es{q(d@IYmw)2nwY5aoqGYTSaBvd-J%#P-hW55o4b8n#Qf`RMr
zdeJE~nf@Yyll1*Q^G9jKLx6Ews`t#VeNJ9)z<h3v)W+3Uhp8DL2e-+0cfHf#eRMja
zYsKz1MPyhLhI82<2X~G0s?~DzB-@bc%pas%6e~^BnH_#*4?!+Iz21M(<gu4ue)C%e
ze^jwcq?YlZ5NF5weYt<?*3rWkRwVRq9x==JL}=hRURmT*Dqoy0B(gjvlN%+j()nOo
z^{BT2{Dd#&dA+)so^dYG+B1<`M3IA)A_K{l%LXn6SMY-^K~s*k7{*t(MmRF#;RQ0+
zBe^p9^K0Nbo{(;y@*PYYlQ*4dPHJpHGLBHMk1ql@ao=^8Sh;uocTVKJEOP4TO^m)@
zXSOEKUJP#HouL6&Lt?6*x+pP%-cD388#hNz1Gn&ZJ3OEES^2hjc0H?B3OTF#TR^rt
zz-s|`g0G|oT&uBm(8r;F)$#NOq>8G1_OIXxJ|6A)Zq$#lXZNq8TG6N}^7>gUvtv%f
zMDQH<SA8-cZc!Sktj|?AR?X`69@8p#^F{Cq*WT<i_s*YV?G|-mc95G!jx#3AE!Ked
zcy^rUf-{*N=f|#KYek2c(6~y-8F2u7!0Y1t!=s)I?NEG^5s*hn5TRjzxTt$BaLgL1
z2H9?I^`^+K10$F}jH~j{E=NGEtP>F)Sv~GF+3icaZv;t)FIMs9P}>&AK*OwrO=djf
z%z;Z+$5>^E&?HnbKgnoCh!aV!PaQ}4_AjGvUyz9oG*z~P`C}y|!j_spi%OHuU7c1z
zhG?9X20IfO1LFMVv}k#!>$_?d2*LOsH}An=&^BvUn&*we!8<!&W_J|`N{APbej37j
zKL6fP&^GJrL2tVs0$Q~8qcxb7;EiWyEp|tNc3FEi`E4HIKKJ{1KT)j^nVMDZE|`p!
z50gQ=td^OUkJI)wn`=YgdSiqj>+gyg@l8nzk+Id>yv7~#u4Y;PlOf3Z=wY8S7LJB(
z$h)hb+BbtuLK~@n#^!x-$v0{E_m)OItDi1g<5I&D)+7%!vbVRjwVwuCR(I@L-NxP~
zTxx7@Uzhzl;*kkLQgJu<-?ujQ)okr-fo;W?p6%Sg<M(@B$_>Bi6(zenEeme2I(N^@
zv0ufOeGJJ-*^`$4;X>O}aUFg4r6tC1ne$b8!oe=LKC6Fa%fdB{+$T89dHTw)<o^If
C5{*Cr

diff --git a/conf/cacerts/README b/conf/cacerts/README
new file mode 100644
index 0000000..e4788a9
--- /dev/null
+++ b/conf/cacerts/README
@@ -0,0 +1 @@
+В данном каталоге должны находится файлы корневых/промежуточных центров сертификации с расширением .cer или .crt
\ No newline at end of file
diff --git a/conf/cacerts/guc2022.crt b/conf/cacerts/guc2022.crt
new file mode 100644
index 0000000000000000000000000000000000000000..fd20eb4ace02cb6fa9ed2222eb91a091c773b0a9
GIT binary patch
literal 1365
zcmeHHO>9h26rTIu>uWpSC>>fq8NF1HhUs}f`m}`7MOz_KGKmZeKSNces%W|pW*!|8
z(h-7?3el!QQ`%A)YF?uYiNxYuwNoKT2x3*5h$43;oz#Yet=!G|&X@1Yy(izfV5L-m
zC4Ijv3PcblI?m*@lpfeD6?J@V49~TU72uT9@*2fdLPP;9vRIu7IdXblxGX&EBIzV6
zGf=g!I8aqtwQut-Z{_ZKZ{2=%9Hh&lPm<ljTAw-vvN%XnGE9?VGukYK_plo~)v1up
znN(#0-tzuRt%C|qr7J7(5({Dv3t<d<Fc#N#vIxZ(c48Oya1!ru#3J)4-bNemQx)b@
z7Gf3)qRmwp#U84ub6_?%bt)cg#wf;E7^Cb63$o)BFY|k`5JoW?zi~=lqZlBWE)@*Z
z1P!zT6I69FxD$+&=`>Bw8M?V})L8t3G0ezzX&R`oNY!;sFZ5@-3>X9dkN4lkyB%^y
zvq}iK<<z`JQ4n&;Xj2fx5{FdmUs>Jisg8_0;qR-z|3$BPk=5RJ_)z5Lw3lBhmd^Y3
zyk@Ah|8+;r)bin-^nCu6PdiGKtsni<*Z7{D8ESi9+|*(b1dBX|(C0)LYNgNz2)$Db
zyo4w50yfkBcD%rX7{xwjp&gH~P0QA;?(e18%|n|=8r8g@lq6JKa~f^zMH{;@hBn@%
z>@W{BPjbA;brIIYj$xFO;rK#WEZE<xEW~rziTALVHL;_~$iF&rma0Z!zMik~qf@k*
zMM3j|?$tnDq!_=InfV0^45Kii(!r~0UJW!AmL;COTPpawCxenOsFOs2IG{upeI6<;
zfg(tgWxjWNNU{==m6)ugWR(K4Ecrat0pqzz1|dHrZYo0t$8L^OKqTY`cz9#HlqF4i
z<X+#k>gtxFgHM(%X?r{Az{T2@@Yr8YT<);S8_JxnCzV43&Zp(A6KggGx(A2PuPSYN
sFmQC%$O3<EeS3MN6b`jqA5j|~UK@O|sd~kYj%{x?WCvaq?j1Sx6ZI7{e*gdg

literal 0
HcmV?d00001

diff --git a/conf/test_ca_rtk3.cer b/conf/cacerts/test_ca_rtk3.crt
similarity index 100%
rename from conf/test_ca_rtk3.cer
rename to conf/cacerts/test_ca_rtk3.crt
diff --git a/conf/cacerts/ucfk_2023.crt b/conf/cacerts/ucfk_2023.crt
new file mode 100644
index 0000000000000000000000000000000000000000..daef01644f34069ed778c77ac91cf2a42828e2b5
GIT binary patch
literal 2045
zcmeHIeQZ-z6z_fS(e9%I+2*E+Y<J;n40t{7wOhAo!Wa;d`N5nMLJT^(GMa6)b{)}W
zXy4n`@u5rth*_qa8H^ajltHz$>svyih8V-SCgMLT2{D006BiSsfCh8>9D#{I;=kto
zbI(2Jci*|cbMEheZo3M)ZEQpoh#+KJrari|+hVa;Z0|vqHKVLgv=Jf-pp!?H5-7H2
zmPOV^e#;@5q#(E17piIYwfI6!ZE}l$haBuwvLVwdHcHk!;n_yzAt>NRhJB9PO>qbf
zreOldF{(Tah1_GaKY*v?+g%M%&s~}JbvVqz7-JfyFovl#Hp&JlrZ9>pF~*(vF}K*j
zGK#0szzM3rGRicjvoIPQg>j5gRapcJ_@P<$c{qe|OtA>YSuYE-y%a}yUQEL{#?u+k
zD(e%QNp6k;F1H(0P%GS^C=WuO>5+1?+-~l3Io;*c2aESO7>WvWR3|u9MJWexRctEE
zaaP`9f=)Il6pC)8cW$TW#jUM1L4QYUQ`hz;&hEbxIy1fUib{6{{PR9lZcwT!ouIq~
zn@yTG;C?hP$=+bQ(7-bk4`ULeOh<$Da3<4q@w&yibJFCU^<WYWOmN<1T5$)?mAlpW
zwl0xjnOU2KIEYdFBwf*djNzH|@5j-&y+(h>i}x81TcLQmj|qW1tF5e06omO?dQ%X@
zRTin{o7|5kPhk7y`0AbK^Oo-adP&)z7YfhS36`GY$_oo|tZ}N~%Iec4i3{ha92tr0
zWBCVODeSaAr+vEVOX>RW3!WL(r7fUKn<3XKHqOf<<c5?1RzhwF!~)tuvw8fIw#TmZ
zr#sugQ!I>8oWKc8p|KpJIEj-O<(o{$6x+)QPw=+JNlao46HKGe`_@104bk;=PtXQ$
zaEH(1rKOxPIumXdlLMnnXT4~!Fiv2Mu5EaVssK>0E`ixR)j2#>NfgLuu$bFaqEG}G
zRx5u8FO!=q;pR#NyLp`;hY`@pP7a(e=_CX?354^{<!wCq<gqQ)uYI-Rv9Zhf-R}lQ
zBk${E)e)Vn_+Lu?la%OlEr*InAMb9Gs!v?&i!9b%wJ?v<KU*r0@{eU7D)kTlP`9T(
zJl<Eld)*(Gr-ncq;QnGs>j$kD%0@~@7DX0p3xxvJ4oA@I?Fa>z2U>k{u+!mb4mesm
zJu0ZG><PBbi1ql}15Mjsm4l&s#|Hf!A#a=4<8QxHY>hQzsg=x{Wg|p#feJ8fgK%G&
zg+Tk&Y{7t}{Rr9>y9<Z$EgZxldiFRDvM|PRl8c!6)OgpQO;Q}^@?~m0Rb{ZRGEp3J
zfU6)HIL;p<o}sLVkCe0o@lB2!VEfqav<|XJdL-#Ad^Tw>$HN%K1SZ+Ov~HP0=Th(6
zRB=@~oDP+LPKpN8DX20yWfhc4yX&qnx1(aY%T;BfoFFTztb(fCI+MkfmYOxcBz|tt
zmaMF;{Z7r=_Wf1g(a+ZeUhgWYYq(f-u=){nyjgUS+CMD5wu6rCYWeAC(~*wzS<)BL
Mce=K9Z~Qj!7gl#wd;kCd

literal 0
HcmV?d00001

diff --git a/conf/certs/README b/conf/certs/README
new file mode 100644
index 0000000..627bc80
--- /dev/null
+++ b/conf/certs/README
@@ -0,0 +1 @@
+В данном каталоге должны находится файлы сертификатов с расширением .cer или .crt
diff --git a/conf/certs/esia_prod.cer b/conf/certs/esia_prod.cer
new file mode 100644
index 0000000000000000000000000000000000000000..056011b1257c8f52fa5e6d0061c7f81436bacef0
GIT binary patch
literal 2585
zcmd5;ZERCz6z=Wqx~~o#1EvtRR~fDw<L=zsZr#L13_%gX0xm!#8MurM<|dt^fRV(s
z7dC_uLB`mJV|3#~kz~}3V%gR^f-%8>=6Qb@LWoh(gvc-csE8(-_m<5K5J>!E(&WD9
zz31ybJ?A-x^rUH|Cte83R>^8jwe%%8>vvzJ>ho(XO&?zVwT6=H3Av4Oyd=q1(xufZ
zqYQguZqwqX-%_MRX?p6G%5~MX3mUweYb)N_RG~C%QJ<vgc6p^O!7<t6Vd#Rv0~ka<
zLh3Y1v&ZE&%Ij@Yk~|)j3JQxng=89-*V2>}mE0arv4_;+A{VKz(^}yw(XkpIz`zjS
z%in{6a|~@5LWt`y_zoW6IwFXgVItz?2*TWtFyDb87#PfBIHRz_JSH@`9|ppRB7!he
z)u$+3M2L4hfdOS=w#k$zUfI*EudY-T$`eA8V-7kI!e@vg#CIW#b7uH{7z{!2sXTxP
zBBT29W9m~zdWz;Ims&stn#<)`lb)g#P$3oF6-l@5pP10y#1kHnxJvmk)SNhC;t)Vo
ze6k5pi0@+}d3>svu&BfX+Nie&!B9=>g|}o!ISwL>5rnv(>j+`k^r<uMHv#EKMEnnY
zAL9WNe{m6jfqsSv!ytwP<cM<J%)`Kdz|6o1Zx-&<z{eCg9>X|r7+q+`VYH(My=X<y
zd>%kI!wIzG7=q{)B3i^%5c|=F187Gt+HpFMp$7+W8f|E2;@5@!=s}NZatg;8I?;_T
zbm6EOq7(Z~uN}fux2f5V4)mC69Sq0Nii2hnF}?Qt3zjs}3O%IWSK)4t+vO=xb0~X!
z)695Nsc-PsZuB;Iw=P&;v!TXUQKxM1ZWY}#27~;6hk>dobCet;iPG%xxs9^bnq?Wi
zv|8nb7Tbc7xz`uXuZYgy_IY2{%{k}2GkdG9-C3Iw>ilKT(&mA>AG3XF&giZ0Ub@;e
zb5qC7#z1e2f9nF}?4s97Cf&~a`j6+2>T$D4kISS<c6sHj$&&P!%_dvr+ms>XR9iYt
z3#N&}aReP{N#s)9YLUxDg;Xux&#|qea(lvDyA&4}FH2)5>)1&iJK4<4t&%+<&hE%<
zl;x7{D}|C>=n5&YU6Ra?lmpx4(W^L#vPB$bW0XM&cDvxWx1_O?b?hXQBSv!#HrXmk
zG%qH3ZCQ?I(8>LXU_>yQ*|Y{*Shk!w3lvgRt+?2eL%P%(GpM)eQXA<~izBcrri%fy
z2Zu3?D2#asVI<b4CPhYhvmnJm7#PL~h7iUe53p4=%S)?#Z28hxSXouW)|$#H<`l%h
z?lq4Qt}qO7o$rLf{i65T;<9B-Bcc^rj$`A0NaVsP^a(zW(FWJ&iLMq6e_=>rI3T!0
zkSgED+zL6CEi^9#)9ge9gCZ%xI0g)^qaR_xFXl;DT;F*JJvf%HYVLV%msZ4t7SoCq
zDpEAkG)F1g5EA6X-#6(zHWy4BctDUR&iq60M{z=URNck-p8UdmO?Acmxkw?G@aKxv
zT&AcwQi6HG+$QHnpRfM8{QSy>I%V9H6mtHS%Iey6!c3`bsH3^ToM3j-oN@ZqwMw10
zvZC$*%G*YZR+4PBR737jnXHc;(nsnztH%oLqgkTZC)uXkrtbMcy_9h~v9xs8H($(3
zbzkaJuDwgTv`r|?w&~I)(xo^2Q$I>>b$XBdv~<r3e}7}<?j?WTxYgC8OAC+b(hH<Z
z^VO#*b38dtSzqJ3mlP+A;(y;S9x}|!Xhm!$E_vuoj4cj0YmWDQVsQ{%!&G{}@}Q~D
zQdVqW%|e&Cfi#J#<bK{faTyR9PgrmsH81WumLK6*Pqy4Td40FVVzI<`kKfef7cCV2
zq$T_1RU^%peTRN7IoUMWyyr{5<J)a}ul(NGX;h`&Q7s$iZ(h@LaO(G8ox13p;cP9*
SEx%RVaie~2`Ng-_P5&D@Kyk1D

literal 0
HcmV?d00001

diff --git a/conf/TESIA GOST 2012 new.cer b/conf/certs/esia_test.cer
similarity index 100%
rename from conf/TESIA GOST 2012 new.cer
rename to conf/certs/esia_test.cer
diff --git a/entrypoint.sh b/entrypoint.sh
index ca327f4..dd2c6eb 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,16 +1,19 @@
 #!/bin/bash
 
-if [ ! -d /var/opt/cprocsp/keys/ervu ];
-  then mkdir -m 700 /var/opt/cprocsp/keys/ervu
-  cp -r /home/ervu/keys/* /var/opt/cprocsp/keys/ervu/
-  chown -R ervu:ervu /var/opt/cprocsp/keys/ervu
+username=$(whoami)
+
+if [ ! -d /var/opt/cprocsp/keys/$username ]; then
+  mkdir -m 700 /var/opt/cprocsp/keys/$username
+  cp -r ~/keys/* /var/opt/cprocsp/keys/$username/
+  chown -R $username:$username /var/opt/cprocsp/keys/$username
 fi
 
 /opt/cprocsp/bin/amd64/csptest -absorb -certs -autoprov
 
-set +e
-cd /home/ervu/cacerts
-echo o | /opt/cprocsp/bin/amd64/certmgr -install -store uRoot -file test_ca_2014.crt
-set -e
+echo "Installing CA certificates"
+find ~/cacerts -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -store uCA -file {} \;
+
+echo "Installing certificates" \
+find ~/certs -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -file {} \;
 
 /opt/ervu-sign-module/ervu-sign-module
diff --git a/ervu-sign-module.service b/ervu-sign-module.service
index c5b4815..6a5b68b 100644
--- a/ervu-sign-module.service
+++ b/ervu-sign-module.service
@@ -8,4 +8,4 @@ StandardError=journal
 User=ervu
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target
diff --git a/Инструкция по обновлению с версии 1.1.0 до 1.2.0.txt b/Инструкция по обновлению с версии 1.1.0 до 1.2.0.txt
index a1badc8..34a2fb9 100644
--- a/Инструкция по обновлению с версии 1.1.0 до 1.2.0.txt	
+++ b/Инструкция по обновлению с версии 1.1.0 до 1.2.0.txt	
@@ -37,4 +37,4 @@ curl -v http://127.0.0.1/version
 ```
 
 Статус-код ответа должен быть равен 200 OK.
-В ответе должна быть возвращена строчка "1.2.0".
\ No newline at end of file
+В ответе должна быть возвращена строчка "1.2.0".