mcp-proxy-adapter 2.0.1__py3-none-any.whl → 6.9.50__py3-none-any.whl

mcp_proxy_adapter/core/client_manager.py

@@ -0,0 +1,271 @@
+"""
+Client Manager for MCP Proxy Adapter Framework
+
+This module provides client management functionality for the MCP Proxy Adapter framework.
+It handles client creation, connection management, and proxy registration.
+
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+"""
+
+import asyncio
+import json
+import logging
+from typing import Dict, Any, Optional, List
+from pathlib import Path
+
+from .client import UniversalClient, create_client_from_config
+
+
+class ClientManager:
+    """
+    Manages client connections and proxy registrations.
+
+    This class provides functionality for:
+    - Creating and managing client connections
+    - Proxy registration
+    - Connection pooling
+    - Authentication management
+    """
+
+    def __init__(self, config: Dict[str, Any]):
+        """
+        Initialize client manager.
+
+        Args:
+            config: Client manager configuration
+        """
+        self.config = config
+        self.logger = logging.getLogger(__name__)
+        self.clients: Dict[str, UniversalClient] = {}
+        self.connection_pool: Dict[str, UniversalClient] = {}
+
+        # Client manager settings
+        self.max_connections = config.get("max_connections", 10)
+        self.connection_timeout = config.get("connection_timeout", 30)
+        self.retry_attempts = config.get("retry_attempts", 3)
+        self.retry_delay = config.get("retry_delay", 1)
+
+        self.get_global_logger().info("Client manager initialized")
+
+    async def create_client(self, client_id: str, config_file: str) -> UniversalClient:
+        """
+        Create a new client instance.
+
+        Args:
+            client_id: Unique identifier for the client
+            config_file: Path to client configuration file
+
+        Returns:
+            UniversalClient instance
+        """
+        try:
+            if client_id in self.clients:
+                self.get_global_logger().warning(
+                    f"Client {client_id} already exists, reusing existing connection"
+                )
+                return self.clients[client_id]
+
+            client = create_client_from_config(config_file)
+            self.clients[client_id] = client
+
+            self.get_global_logger().info(f"Client {client_id} created successfully")
+            return client
+
+        except Exception as e:
+            self.get_global_logger().error(f"Failed to create client {client_id}: {e}")
+            raise
+
+    async def get_client(self, client_id: str) -> Optional[UniversalClient]:
+        """
+        Get an existing client instance.
+
+        Args:
+            client_id: Client identifier
+
+        Returns:
+            UniversalClient instance or None if not found
+        """
+        return self.clients.get(client_id)
+
+    async def remove_client(self, client_id: str) -> bool:
+        """
+        Remove a client instance.
+
+        Args:
+            client_id: Client identifier
+
+        Returns:
+            True if client was removed, False otherwise
+        """
+        if client_id in self.clients:
+            client = self.clients[client_id]
+            await client.disconnect()
+            del self.clients[client_id]
+            self.get_global_logger().info(f"Client {client_id} removed")
+            return True
+        return False
+
+    async def test_client_connection(self, client_id: str) -> bool:
+        """
+        Test connection for a specific client.
+
+        Args:
+            client_id: Client identifier
+
+        Returns:
+            True if connection is successful, False otherwise
+        """
+        client = await self.get_client(client_id)
+        if not client:
+            self.get_global_logger().error(f"Client {client_id} not found")
+            return False
+
+        try:
+            return await client.test_connection()
+        except Exception as e:
+            self.get_global_logger().error(f"Connection test failed for client {client_id}: {e}")
+            return False
+
+    async def register_proxy(
+        self, client_id: str, proxy_config: Dict[str, Any]
+    ) -> Dict[str, Any]:
+        """
+        Register with proxy server using a specific client.
+
+        Args:
+            client_id: Client identifier
+            proxy_config: Proxy registration configuration
+
+        Returns:
+            Registration result
+        """
+        client = await self.get_client(client_id)
+        if not client:
+            return {"error": f"Client {client_id} not found"}
+
+        try:
+            result = await client.register_proxy(proxy_config)
+            self.get_global_logger().info(f"Proxy registration completed for client {client_id}")
+            return result
+        except Exception as e:
+            self.get_global_logger().error(f"Proxy registration failed for client {client_id}: {e}")
+            return {"error": str(e)}
+
+    async def execute_command(
+        self, client_id: str, command: str, params: Dict[str, Any] = None
+    ) -> Dict[str, Any]:
+        """
+        Execute a command using a specific client.
+
+        Args:
+            client_id: Client identifier
+            command: Command name
+            params: Command parameters
+
+        Returns:
+            Command result
+        """
+        client = await self.get_client(client_id)
+        if not client:
+            return {"error": f"Client {client_id} not found"}
+
+        try:
+            result = await client.execute_command(command, params or {})
+            self.get_global_logger().info(f"Command {command} executed for client {client_id}")
+            return result
+        except Exception as e:
+            self.get_global_logger().error(f"Command execution failed for client {client_id}: {e}")
+            return {"error": str(e)}
+
+    async def get_client_status(self, client_id: str) -> Dict[str, Any]:
+        """
+        Get status information for a specific client.
+
+        Args:
+            client_id: Client identifier
+
+        Returns:
+            Client status information
+        """
+        client = await self.get_client(client_id)
+        if not client:
+            return {"error": f"Client {client_id} not found"}
+
+        try:
+            # Test connection
+            connection_ok = await client.test_connection()
+
+            # Test security features
+            security_features = await client.test_security_features()
+
+            status = {
+                "client_id": client_id,
+                "base_url": client.base_url,
+                "auth_method": client.auth_method,
+                "connection_ok": connection_ok,
+                "security_features": security_features,
+                "session_active": client.session is not None,
+            }
+
+            return status
+        except Exception as e:
+            self.get_global_logger().error(f"Failed to get status for client {client_id}: {e}")
+            return {"error": str(e)}
+
+
+    async def cleanup(self):
+        """Clean up all client connections."""
+        for client_id in list(self.clients.keys()):
+            await self.remove_client(client_id)
+        self.get_global_logger().info("All client connections cleaned up")
+
+    async def __aenter__(self):
+        """Async context manager entry."""
+        return self
+
+    async def __aexit__(self, exc_type, exc_val, exc_tb):
+        """Async context manager exit."""
+        await self.cleanup()
+
+
+
+
+# Example usage and testing functions
+async def test_client_manager():
+    """Test client manager functionality."""
+    # Example configuration
+    config = {
+        "max_connections": 5,
+        "connection_timeout": 30,
+        "retry_attempts": 3,
+        "retry_delay": 1,
+    }
+
+    async with ClientManager(config) as manager:
+        # Create a client
+        client_id = "test_client"
+        config_file = "configs/http_simple.json"
+
+        try:
+            client = await manager.create_client(client_id, config_file)
+            print(f"✅ Client {client_id} created successfully")
+
+            # Test connection
+            connection_ok = await manager.test_client_connection(client_id)
+            print(f"✅ Connection test: {connection_ok}")
+
+            # Get status
+            status = await manager.get_client_status(client_id)
+            print(f"✅ Client status: {json.dumps(status, indent=2)}")
+
+            # Execute command
+            result = await manager.execute_command(client_id, "help")
+            print(f"✅ Command result: {json.dumps(result, indent=2)}")
+
+        except Exception as e:
+            print(f"❌ Test failed: {e}")
+
+
+if __name__ == "__main__":
+    asyncio.run(test_client_manager())

mcp_proxy_adapter/core/client_security.py

@@ -0,0 +1,411 @@
+"""
+Client Security Module
+
+This module provides client-side security integration for MCP Proxy Adapter,
+using mcp_security_framework utilities for secure connections to servers.
+
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+"""
+
+import ssl
+from typing import Dict, Any, Optional, List, Tuple
+from pathlib import Path
+
+# Import framework utilities
+try:
+    from mcp_security_framework.utils import (
+        generate_api_key,
+        create_jwt_token,
+    )
+    from mcp_security_framework.utils.cert_utils import (
+        parse_certificate,
+        extract_roles_from_certificate,
+        validate_certificate_chain,
+        validate_certificate_format,
+    )
+    from mcp_security_framework import SSLConfig
+    from mcp_security_framework.core.ssl_manager import SSLManager
+    from mcp_security_framework.schemas.models import AuthResult, ValidationResult
+
+    SECURITY_FRAMEWORK_AVAILABLE = True
+except ImportError as e:
+    # NO FALLBACK! mcp_security_framework is REQUIRED
+    raise RuntimeError(
+        f"CRITICAL: mcp_security_framework is required but not available: {e}. "
+        "Install it with: pip install mcp_security_framework>=1.2.8"
+    ) from e
+    AuthResult = None
+    ValidationResult = None
+
+from mcp_proxy_adapter.core.logging import get_global_logger
+
+
+class ClientSecurityManager:
+    """
+    Client-side security manager for MCP Proxy Adapter.
+
+    Provides secure client connections using mcp_security_framework utilities.
+    Handles authentication, certificate management, and SSL/TLS for client connections.
+    """
+
+    def __init__(self, config: Dict[str, Any]):
+        """
+        Initialize client security manager.
+
+        Args:
+            config: Security configuration
+        """
+        if not SECURITY_FRAMEWORK_AVAILABLE:
+            raise ImportError("mcp_security_framework is not available")
+
+        self.config = config
+        self.security_config = config.get("security", {})
+
+        # Initialize SSL manager if needed
+        self.ssl_manager = None
+        if self.security_config.get("ssl", {}).get("enabled", False):
+            ssl_config = self._create_ssl_config()
+            self.ssl_manager = SSLManager(ssl_config)
+
+        get_global_logger().info("Client security manager initialized")
+
+    def _create_ssl_config(self) -> SSLConfig:
+        """Create SSL configuration for client connections."""
+        ssl_section = self.security_config.get("ssl", {})
+
+        # Determine verify_mode based on verify_server setting
+        verify_server = ssl_section.get("verify_server", True)
+        if verify_server:
+            verify_mode = "CERT_REQUIRED"
+            check_hostname = True
+        else:
+            verify_mode = "CERT_NONE"
+            check_hostname = False
+
+        return SSLConfig(
+            enabled=ssl_section.get("enabled", False),
+            cert_file=ssl_section.get("client_cert_file"),
+            key_file=ssl_section.get("client_key_file"),
+            ca_cert_file=ssl_section.get("ca_cert_file"),
+            verify_mode=verify_mode,
+            min_tls_version=ssl_section.get("min_tls_version", "TLSv1.2"),
+            check_hostname=check_hostname,
+            check_expiry=ssl_section.get("check_expiry", True),
+        )
+
+    def create_client_ssl_context(
+        self, server_hostname: Optional[str] = None
+    ) -> Optional[ssl.SSLContext]:
+        """
+        Create SSL context for client connections.
+
+        Args:
+            server_hostname: Server hostname for SNI
+
+        Returns:
+            SSL context or None if SSL not enabled
+        """
+        if not self.ssl_manager:
+            return None
+
+        try:
+            # Create client SSL context
+            context = self.ssl_manager.create_client_context()
+
+            get_global_logger().info(
+                f"Client SSL context created for {server_hostname or 'unknown server'}"
+            )
+            return context
+
+        except Exception as e:
+            get_global_logger().error(f"Failed to create client SSL context: {e}")
+            return None
+
+    def generate_client_api_key(self, user_id: str, prefix: str = "mcp_proxy") -> str:
+        """
+        Generate API key for client authentication.
+
+        Args:
+            user_id: User identifier
+            prefix: Key prefix
+
+        Returns:
+            Generated API key
+        """
+        try:
+            api_key = generate_api_key(prefix=prefix)
+            get_global_logger().info(f"Generated API key for user: {user_id}")
+            return api_key
+        except Exception as e:
+            get_global_logger().error(f"Failed to generate API key: {e}")
+            raise
+
+    def create_client_jwt_token(
+        self,
+        user_id: str,
+        roles: List[str],
+        secret: str,
+        algorithm: str = "HS256",
+        expiry_hours: int = 24,
+    ) -> str:
+        """
+        Create JWT token for client authentication.
+
+        Args:
+            user_id: User identifier
+            roles: User roles
+            secret: JWT secret
+            algorithm: JWT algorithm
+            expiry_hours: Token expiry in hours
+
+        Returns:
+            JWT token
+        """
+        try:
+            payload = {"user_id": user_id, "roles": roles, "type": "client_proxy"}
+
+            token = create_jwt_token(
+                payload=payload,
+                secret=secret,
+                algorithm=algorithm,
+                expiry_hours=expiry_hours,
+            )
+
+            get_global_logger().info(f"Created JWT token for user: {user_id}")
+            return token
+
+        except Exception as e:
+            get_global_logger().error(f"Failed to create JWT token: {e}")
+            raise
+
+    def validate_server_certificate(
+        self, cert_path: str, ca_cert_path: Optional[str] = None
+    ) -> bool:
+        """
+        Validate server certificate before connection.
+
+        Args:
+            cert_path: Path to server certificate
+            ca_cert_path: Path to CA certificate
+
+        Returns:
+            True if certificate is valid
+        """
+        try:
+            # Validate certificate format
+            if not validate_certificate_format(cert_path):
+                get_global_logger().error(f"Invalid certificate format: {cert_path}")
+                return False
+
+            # Validate certificate chain if CA provided
+            if ca_cert_path:
+                if not validate_certificate_chain(cert_path, ca_cert_path):
+                    get_global_logger().error(f"Invalid certificate chain: {cert_path}")
+                    return False
+
+            # Parse certificate and check basic properties
+            cert_info = parse_certificate(cert_path)
+            if not cert_info:
+                get_global_logger().error(f"Failed to parse certificate: {cert_path}")
+                return False
+
+            get_global_logger().info(f"Server certificate validated: {cert_path}")
+            return True
+
+        except Exception as e:
+            get_global_logger().error(f"Failed to validate server certificate: {e}")
+            return False
+
+    def extract_server_roles(self, cert_path: str) -> List[str]:
+        """
+        Extract roles from server certificate.
+
+        Args:
+            cert_path: Path to server certificate
+
+        Returns:
+            List of roles extracted from certificate
+        """
+        try:
+            roles = extract_roles_from_certificate(cert_path)
+            get_global_logger().info(
+                f"Extracted roles from server certificate: {roles}"
+            )
+            return roles
+        except Exception as e:
+            get_global_logger().error(f"Failed to extract roles from certificate: {e}")
+            return []
+
+    def get_client_auth_headers(
+        self, auth_method: str = "api_key", **kwargs
+    ) -> Dict[str, str]:
+        """
+        Get authentication headers for client requests.
+
+        Args:
+            auth_method: Authentication method (api_key, jwt, certificate)
+            **kwargs: Additional parameters
+
+        Returns:
+            Dictionary of authentication headers
+        """
+        headers = {}
+
+        try:
+            if auth_method == "api_key":
+                api_key = kwargs.get("api_key")
+                if api_key:
+                    headers["X-API-Key"] = api_key
+                    headers["Authorization"] = f"Bearer {api_key}"
+
+            elif auth_method == "jwt":
+                token = kwargs.get("token")
+                if token:
+                    headers["Authorization"] = f"Bearer {token}"
+
+            elif auth_method == "certificate":
+                # Certificate authentication is handled at SSL level
+                headers["X-Auth-Method"] = "certificate"
+
+            # Add common proxy headers
+            headers["X-Proxy-Type"] = "mcp_proxy_adapter"
+            headers["X-Client-Type"] = "proxy_client"
+
+            get_global_logger().debug(f"Created auth headers for method: {auth_method}")
+            return headers
+
+        except Exception as e:
+            get_global_logger().error(f"Failed to create auth headers: {e}")
+            return {}
+
+    def prepare_client_connection(
+        self, server_config: Dict[str, Any]
+    ) -> Tuple[Optional[ssl.SSLContext], Dict[str, str]]:
+        """
+        Prepare secure client connection to server.
+
+        Args:
+            server_config: Server connection configuration
+
+        Returns:
+            Tuple of (SSL context, auth headers)
+        """
+        ssl_context = None
+        auth_headers = {}
+
+        try:
+            # Create SSL context if needed
+            if server_config.get("ssl", False):
+                server_hostname = server_config.get("hostname")
+                ssl_context = self.create_client_ssl_context(server_hostname)
+
+            # Create authentication headers
+            auth_method = server_config.get("auth_method", "api_key")
+            auth_headers = self.get_client_auth_headers(
+                auth_method=auth_method,
+                api_key=server_config.get("api_key"),
+                token=server_config.get("token"),
+            )
+
+            get_global_logger().info(
+                f"Prepared client connection for {server_config.get('hostname', 'unknown')}"
+            )
+            return ssl_context, auth_headers
+
+        except Exception as e:
+            get_global_logger().error(f"Failed to prepare client connection: {e}")
+            return None, {}
+
+    def validate_server_response(self, response_headers: Dict[str, str]) -> bool:
+        """
+        Validate server response for security compliance.
+
+        Args:
+            response_headers: Server response headers
+
+        Returns:
+            True if response is valid
+        """
+        try:
+            # Check for required security headers
+            required_headers = ["Content-Type"]
+            for header in required_headers:
+                if header not in response_headers:
+                    get_global_logger().warning(f"Missing required header: {header}")
+
+            # Check for security headers
+            security_headers = ["X-Frame-Options", "X-Content-Type-Options"]
+            for header in security_headers:
+                if header in response_headers:
+                    get_global_logger().debug(f"Found security header: {header}")
+
+            # Validate content type
+            content_type = response_headers.get("Content-Type", "")
+            if "application/json" not in content_type:
+                get_global_logger().warning(f"Unexpected content type: {content_type}")
+
+            return True
+
+        except Exception as e:
+            get_global_logger().error(f"Failed to validate server response: {e}")
+            return False
+
+    def get_client_certificate_info(self) -> Optional[Dict[str, Any]]:
+        """
+        Get information about client certificate.
+
+        Returns:
+            Certificate information or None
+        """
+        try:
+            ssl_config = self.security_config.get("ssl", {})
+            cert_path = ssl_config.get("client_cert_file")
+
+            if not cert_path or not Path(cert_path).exists():
+                return None
+
+            cert_info = parse_certificate(cert_path)
+            if cert_info:
+                roles = extract_roles_from_certificate(cert_path)
+                cert_info["roles"] = roles
+                return cert_info
+
+            return None
+
+        except Exception as e:
+            get_global_logger().error(f"Failed to get client certificate info: {e}")
+            return None
+
+    def is_ssl_enabled(self) -> bool:
+        """Check if SSL is enabled for client connections."""
+        return self.security_config.get("ssl", {}).get("enabled", False)
+
+    def get_supported_auth_methods(self) -> List[str]:
+        """Get list of supported authentication methods."""
+        return ["api_key", "jwt", "certificate"]
+
+
+# Factory function for easy integration
+def create_client_security_manager(
+    config: Dict[str, Any],
+) -> Optional[ClientSecurityManager]:
+    """
+    Create client security manager instance.
+
+    Args:
+        config: Configuration dictionary
+
+    Returns:
+        ClientSecurityManager instance or None if framework not available
+    """
+    try:
+        return ClientSecurityManager(config)
+    except ImportError:
+        get_global_logger().warning(
+            "mcp_security_framework not available, client security disabled"
+        )
+        return None
+    except Exception as e:
+        get_global_logger().error(f"Failed to create client security manager: {e}")
+        return None

mcp_proxy_adapter/core/config/__init__.py

@@ -0,0 +1,18 @@
+"""
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+
+Configuration management package for MCP Proxy Adapter.
+"""
+
+from .config import Config
+from .config_loader import ConfigLoader
+from .feature_manager import FeatureManager
+from .config_factory import ConfigFactory
+
+__all__ = [
+    "Config",
+    "ConfigLoader",
+    "FeatureManager",
+    "ConfigFactory",
+]