mcp-proxy-adapter 2.0.1__py3-none-any.whl → 6.9.50__py3-none-any.whl

mcp_proxy_adapter/core/crl_utils.py

@@ -0,0 +1,362 @@
+"""
+CRL Utilities Module
+
+This module provides utilities for working with Certificate Revocation Lists (CRL).
+Supports both file-based and URL-based CRL sources.
+
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+Version: 1.0.0
+"""
+
+import logging
+import os
+import tempfile
+from pathlib import Path
+from typing import Optional, Union, Dict, Any
+import requests
+from requests.adapters import HTTPAdapter
+from urllib3.util.retry import Retry
+
+# Import mcp_security_framework CRL utilities
+try:
+    from mcp_security_framework.utils.cert_utils import (
+        is_certificate_revoked,
+        validate_certificate_against_crl,
+        is_crl_valid,
+        get_crl_info,
+    )
+
+    SECURITY_FRAMEWORK_AVAILABLE = True
+except ImportError:
+    SECURITY_FRAMEWORK_AVAILABLE = False
+
+logger = logging.getLogger(__name__)
+
+
+class CRLManager:
+    """
+    Manager for Certificate Revocation Lists (CRL).
+
+    Supports both file-based and URL-based CRL sources.
+    Automatically downloads CRL from URLs and caches them locally.
+    """
+
+    def __init__(self, config: Dict[str, Any]):
+        """
+        Initialize CRL manager.
+
+        Args:
+            config: Configuration dictionary containing CRL settings
+        """
+        self.config = config
+        self.crl_enabled = config.get("crl_enabled", False)
+
+        # Only analyze CRL paths if certificates are enabled
+        certificates_enabled = config.get("certificates_enabled", True)
+        if certificates_enabled and self.crl_enabled:
+            self.crl_path = config.get("crl_path")
+            self.crl_url = config.get("crl_url")
+            self.crl_validity_days = config.get("crl_validity_days", 30)
+        else:
+            # Don't analyze CRL paths if certificates are disabled
+            self.crl_path = None
+            self.crl_url = None
+            self.crl_validity_days = 30
+
+        # Cache for downloaded CRL files
+        self._crl_cache: Dict[str, str] = {}
+
+        # Setup HTTP session with retry strategy
+        self._setup_http_session()
+
+        get_global_logger().info(
+            f"CRL Manager initialized - enabled: {self.crl_enabled}, certificates_enabled: {certificates_enabled}"
+        )
+
+    def _setup_http_session(self):
+        """Setup HTTP session with retry strategy for CRL downloads."""
+        self.session = requests.Session()
+
+        # Configure retry strategy
+        retry_strategy = Retry(
+            total=3,
+            backoff_factor=1,
+            status_forcelist=[429, 500, 502, 503, 504],
+        )
+
+        adapter = HTTPAdapter(max_retries=retry_strategy)
+        self.session.mount("http://", adapter)
+        self.session.mount("https://", adapter)
+
+        # Set timeout
+        self.session.timeout = 30
+
+    def get_crl_data(self) -> Optional[Union[str, bytes, Path]]:
+        """
+        Get CRL data from configured source.
+
+        Returns:
+            CRL data as string, bytes, or Path, or None if not available
+
+        Raises:
+            ValueError: If CRL is enabled but no source is configured
+            FileNotFoundError: If CRL file is not found
+            requests.RequestException: If CRL download fails
+        """
+        if not self.crl_enabled:
+            get_global_logger().debug("CRL is disabled, skipping CRL check")
+            return None
+
+        # Check if CRL URL is configured
+        if self.crl_url:
+            return self._get_crl_from_url()
+
+        # Check if CRL file path is configured
+        if self.crl_path:
+            return self._get_crl_from_file()
+
+        # If CRL is enabled but no source is configured, this is an error
+        if self.crl_enabled:
+            raise ValueError(
+                "CRL is enabled but neither crl_path nor crl_url is configured"
+            )
+
+        return None
+
+    def _get_crl_from_url(self) -> str:
+        """
+        Download CRL from URL.
+
+        Returns:
+            Path to downloaded CRL file
+
+        Raises:
+            requests.RequestException: If download fails
+            ValueError: If downloaded data is not valid CRL
+        """
+        try:
+            get_global_logger().info(f"Downloading CRL from URL: {self.crl_url}")
+
+            # Download CRL
+            response = self.session.get(self.crl_url)
+            response.raise_for_status()
+
+            # Validate content type
+            content_type = response.headers.get("content-type", "").lower()
+            if (
+                "application/pkix-crl" not in content_type
+                and "application/x-pkcs7-crl" not in content_type
+            ):
+                get_global_logger().warning(f"Unexpected content type for CRL: {content_type}")
+
+            # Save to temporary file
+            with tempfile.NamedTemporaryFile(
+                mode="wb", suffix=".crl", delete=False
+            ) as temp_file:
+                temp_file.write(response.content)
+                temp_file_path = temp_file.name
+
+            # Validate CRL format
+            if SECURITY_FRAMEWORK_AVAILABLE:
+                try:
+                    is_crl_valid(temp_file_path)
+                    get_global_logger().info(
+                        f"CRL downloaded and validated successfully from {self.crl_url}"
+                    )
+                except Exception as e:
+                    os.unlink(temp_file_path)
+                    raise ValueError(f"Downloaded CRL is not valid: {e}")
+            else:
+                get_global_logger().warning(
+                    "mcp_security_framework not available, skipping CRL validation"
+                )
+
+            # Cache the file path
+            self._crl_cache[self.crl_url] = temp_file_path
+
+            return temp_file_path
+
+        except requests.RequestException as e:
+            get_global_logger().error(f"Failed to download CRL from {self.crl_url}: {e}")
+            raise
+        except Exception as e:
+            get_global_logger().error(f"CRL download failed: {e}")
+            raise
+
+    def _get_crl_from_file(self) -> str:
+        """
+        Get CRL from file path.
+
+        Returns:
+            Path to CRL file
+
+        Raises:
+            FileNotFoundError: If CRL file is not found
+            ValueError: If CRL file is not valid
+        """
+        if not os.path.exists(self.crl_path):
+            raise FileNotFoundError(f"CRL file not found: {self.crl_path}")
+
+        # Validate CRL format
+        if SECURITY_FRAMEWORK_AVAILABLE:
+            try:
+                is_crl_valid(self.crl_path)
+                get_global_logger().info(f"CRL file validated successfully: {self.crl_path}")
+            except Exception as e:
+                raise ValueError(f"CRL file is not valid: {e}")
+        else:
+            get_global_logger().warning(
+                "mcp_security_framework not available, skipping CRL validation"
+            )
+
+        return self.crl_path
+
+    def is_certificate_revoked(self, cert_path: str) -> bool:
+        """
+        Check if certificate is revoked according to CRL.
+
+        Args:
+            cert_path: Path to certificate file
+
+        Returns:
+            True if certificate is revoked, False otherwise
+
+        Raises:
+            ValueError: If CRL is enabled but not available
+            FileNotFoundError: If certificate file is not found
+        """
+        if not self.crl_enabled:
+            return False
+
+        if not SECURITY_FRAMEWORK_AVAILABLE:
+            get_global_logger().warning("mcp_security_framework not available, skipping CRL check")
+            return False
+
+        try:
+            crl_data = self.get_crl_data()
+            if not crl_data:
+                get_global_logger().warning("CRL is enabled but no CRL data is available")
+                return False
+
+            is_revoked = is_certificate_revoked(cert_path, crl_data)
+
+            if is_revoked:
+                get_global_logger().warning(f"Certificate is revoked according to CRL: {cert_path}")
+            else:
+                get_global_logger().debug(
+                    f"Certificate is not revoked according to CRL: {cert_path}"
+                )
+
+            return is_revoked
+
+        except Exception as e:
+            get_global_logger().error(f"CRL check failed for certificate {cert_path}: {e}")
+            # For security, consider certificate invalid if CRL check fails
+            return True
+
+    def validate_certificate_against_crl(self, cert_path: str) -> Dict[str, Any]:
+        """
+        Validate certificate against CRL and return detailed status.
+
+        Args:
+            cert_path: Path to certificate file
+
+        Returns:
+            Dictionary containing validation results
+
+        Raises:
+            ValueError: If CRL is enabled but not available
+            FileNotFoundError: If certificate file is not found
+        """
+        if not self.crl_enabled:
+            return {
+                "is_revoked": False,
+                "crl_checked": False,
+                "crl_source": None,
+                "message": "CRL check is disabled",
+            }
+
+        if not SECURITY_FRAMEWORK_AVAILABLE:
+            get_global_logger().warning(
+                "mcp_security_framework not available, skipping CRL validation"
+            )
+            return {
+                "is_revoked": False,
+                "crl_checked": False,
+                "crl_source": None,
+                "message": "mcp_security_framework not available",
+            }
+
+        try:
+            crl_data = self.get_crl_data()
+            if not crl_data:
+                get_global_logger().warning("CRL is enabled but no CRL data is available")
+                return {
+                    "is_revoked": True,  # For security, consider invalid if CRL unavailable
+                    "crl_checked": False,
+                    "crl_source": None,
+                    "message": "CRL is enabled but not available",
+                }
+
+            # Get CRL source info
+            crl_source = self.crl_url if self.crl_url else self.crl_path
+
+            # Validate certificate against CRL
+            result = validate_certificate_against_crl(cert_path, crl_data)
+
+            result["crl_checked"] = True
+            result["crl_source"] = crl_source
+
+            return result
+
+        except Exception as e:
+            get_global_logger().error(f"CRL validation failed for certificate {cert_path}: {e}")
+            # For security, consider certificate invalid if CRL validation fails
+            return {
+                "is_revoked": True,
+                "crl_checked": False,
+                "crl_source": self.crl_url if self.crl_url else self.crl_path,
+                "message": f"CRL validation failed: {e}",
+            }
+
+    def get_crl_info(self) -> Optional[Dict[str, Any]]:
+        """
+        Get information about the configured CRL.
+
+        Returns:
+            Dictionary containing CRL information, or None if CRL is not available
+        """
+        if not self.crl_enabled:
+            return None
+
+        if not SECURITY_FRAMEWORK_AVAILABLE:
+            get_global_logger().warning("mcp_security_framework not available, cannot get CRL info")
+            return None
+
+        try:
+            crl_data = self.get_crl_data()
+            if not crl_data:
+                return None
+
+            return get_crl_info(crl_data)
+
+        except Exception as e:
+            get_global_logger().error(f"Failed to get CRL info: {e}")
+            return None
+
+    def cleanup_cache(self):
+        """Clean up temporary CRL files."""
+        for url, temp_path in self._crl_cache.items():
+            try:
+                if os.path.exists(temp_path):
+                    os.unlink(temp_path)
+                    get_global_logger().debug(f"Cleaned up temporary CRL file: {temp_path}")
+            except Exception as e:
+                get_global_logger().warning(f"Failed to cleanup temporary CRL file {temp_path}: {e}")
+
+        self._crl_cache.clear()
+
+    def __del__(self):
+        """Cleanup when object is destroyed."""
+        self.cleanup_cache()

mcp_proxy_adapter/core/errors.py

@@ -0,0 +1,276 @@
+"""
+Module for defining errors and exceptions for the microservice.
+"""
+
+from dataclasses import dataclass
+from typing import Any, Dict, List, Optional
+
+
+class MicroserviceError(Exception):
+    """
+    Base class for all microservice exceptions.
+
+    Attributes:
+        message: Error message.
+        code: Error code.
+        data: Additional error data.
+    """
+
+    def __init__(
+        self, message: str, code: int = -32000, data: Optional[Dict[str, Any]] = None
+    ):
+        """
+        Initialize the error.
+
+        Args:
+            message: Error message.
+            code: Error code according to JSON-RPC standard.
+            data: Additional error data.
+        """
+        self.message = message
+        self.code = code
+        self.data = data or {}
+        super().__init__(message)
+
+    def to_dict(self) -> Dict[str, Any]:
+        """Convert error to dictionary format."""
+        result = {
+            "code": self.code,
+            "message": self.message
+        }
+        if self.data:
+            result["data"] = self.data
+        return result
+
+
+
+class ParseError(MicroserviceError):
+    """
+    Error while parsing JSON request.
+    JSON-RPC Error code: -32700
+    """
+
+    def __init__(
+        self, message: str = "Parse error", data: Optional[Dict[str, Any]] = None
+    ):
+        super().__init__(message, code=-32700, data=data)
+
+
+class InvalidRequestError(MicroserviceError):
+    """
+    Invalid JSON-RPC request format.
+    JSON-RPC Error code: -32600
+    """
+
+    def __init__(
+        self, message: str = "Invalid Request", data: Optional[Dict[str, Any]] = None
+    ):
+        super().__init__(message, code=-32600, data=data)
+
+
+class MethodNotFoundError(MicroserviceError):
+    """
+    Method not found error.
+    JSON-RPC Error code: -32601
+    """
+
+    def __init__(
+        self, message: str = "Method not found", data: Optional[Dict[str, Any]] = None
+    ):
+        super().__init__(message, code=-32601, data=data)
+
+
+class InvalidParamsError(MicroserviceError):
+    """
+    Invalid method parameters.
+    JSON-RPC Error code: -32602
+    """
+
+    def __init__(
+        self, message: str = "Invalid params", data: Optional[Dict[str, Any]] = None
+    ):
+        super().__init__(message, code=-32602, data=data)
+
+
+class InternalError(MicroserviceError):
+    """
+    Internal server error.
+    JSON-RPC Error code: -32603
+    """
+
+    def __init__(
+        self, message: str = "Internal error", data: Optional[Dict[str, Any]] = None
+    ):
+        super().__init__(message, code=-32603, data=data)
+
+
+class ValidationError(MicroserviceError):
+    """
+    Input data validation error.
+    JSON-RPC Error code: -32602 (using Invalid params code)
+    """
+
+    def __init__(
+        self, message: str = "Validation error", data: Optional[Dict[str, Any]] = None
+    ):
+        super().__init__(message, code=-32602, data=data)
+
+
+class CommandError(MicroserviceError):
+    """
+    Command execution error.
+    JSON-RPC Error code: -32000 (server error)
+    """
+
+    def __init__(
+        self,
+        message: str = "Command execution error",
+        data: Optional[Dict[str, Any]] = None,
+    ):
+        super().__init__(message, code=-32000, data=data)
+
+
+class NotFoundError(MicroserviceError):
+    """
+    "Not found" error.
+    JSON-RPC Error code: -32601 (using Method not found code)
+    """
+
+    def __init__(
+        self, message: str = "Resource not found", data: Optional[Dict[str, Any]] = None
+    ):
+        super().__init__(message, code=-32601, data=data)
+
+
+class ConfigurationError(MicroserviceError):
+    """
+    Configuration error.
+    JSON-RPC Error code: -32603 (using Internal error code)
+    """
+
+    def __init__(
+        self,
+        message: str = "Configuration error",
+        data: Optional[Dict[str, Any]] = None,
+    ):
+        super().__init__(message, code=-32603, data=data)
+
+
+class AuthenticationError(MicroserviceError):
+    """
+    Authentication error.
+    JSON-RPC Error code: -32001 (server error)
+    """
+
+    def __init__(
+        self,
+        message: str = "Authentication error",
+        data: Optional[Dict[str, Any]] = None,
+    ):
+        super().__init__(message, code=-32001, data=data)
+
+
+class AuthorizationError(MicroserviceError):
+    """
+    Authorization error.
+    JSON-RPC Error code: -32002 (server error)
+    """
+
+    def __init__(
+        self,
+        message: str = "Authorization error",
+        data: Optional[Dict[str, Any]] = None,
+    ):
+        super().__init__(message, code=-32002, data=data)
+
+
+class TimeoutError(MicroserviceError):
+    """
+    Timeout error.
+    JSON-RPC Error code: -32003 (server error)
+    """
+
+    def __init__(
+        self, message: str = "Timeout error", data: Optional[Dict[str, Any]] = None
+    ):
+        super().__init__(message, code=-32003, data=data)
+
+
+
+
+@dataclass
+class ValidationResult:
+    """Result of configuration validation."""
+    level: str  # "error", "warning", "info"
+    message: str
+    section: Optional[str] = None
+    key: Optional[str] = None
+    suggestion: Optional[str] = None
+
+
+class ConfigError(MicroserviceError):
+    """Configuration validation error."""
+    
+    def __init__(self, message: str, validation_results: Optional[List[ValidationResult]] = None):
+        """
+        Initialize configuration error.
+        
+        Args:
+            message: Error message
+            validation_results: List of validation results that caused the error
+        """
+        super().__init__(message, code=-32001, data={"type": "configuration_error"})
+        self.validation_results = validation_results or []
+    
+
+
+class MissingConfigKeyError(ConfigError):
+    """Missing required configuration key."""
+    
+    def __init__(self, key: str, section: str = None):
+        location = f"{section}.{key}" if section else key
+        message = f"Required configuration key '{location}' is missing"
+        super().__init__(message)
+        self.key = key
+        self.section = section
+
+
+class InvalidConfigValueError(ConfigError):
+    """Invalid configuration value."""
+    
+    def __init__(self, key: str, value: Any, expected_type: str, section: str = None):
+        location = f"{section}.{key}" if section else key
+        message = f"Invalid value for '{location}': got {type(value).__name__}, expected {expected_type}"
+        super().__init__(message)
+        self.key = key
+        self.section = section
+        self.value = value
+        self.expected_type = expected_type
+
+
+class MissingConfigSectionError(ConfigError):
+    """Missing required configuration section."""
+    
+    def __init__(self, section: str):
+        message = f"Required configuration section '{section}' is missing"
+        super().__init__(message)
+        self.section = section
+
+
+class MissingConfigFileError(ConfigError):
+    """Missing configuration file."""
+    
+    def __init__(self, file_path: str):
+        message = f"Configuration file '{file_path}' does not exist"
+        super().__init__(message)
+        self.file_path = file_path
+
+
+class InvalidConfigFileError(ConfigError):
+    """Invalid configuration file format."""
+    
+    def __init__(self, file_path: str, reason: str):
+        message = f"Invalid configuration file '{file_path}': {reason}"
+        super().__init__(message)
+        self.file_path = file_path
+        self.reason = reason

mcp_proxy_adapter/core/job_manager.py

@@ -0,0 +1,54 @@
+"""
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+
+Simple in-memory job manager for long-running demo commands.
+Not for production use.
+"""
+
+import asyncio
+import uuid
+from typing import Any, Dict, Optional, Awaitable
+
+
+class JobRecord:
+    def __init__(self, task: asyncio.Task):
+        self.task = task
+        self.status = "running"
+        self.result: Optional[Any] = None
+        self.error: Optional[str] = None
+
+
+_jobs: Dict[str, JobRecord] = {}
+
+
+def enqueue_coroutine(coro: Awaitable[Any]) -> str:
+    job_id = str(uuid.uuid4())
+    task = asyncio.create_task(_run_job(job_id, coro))
+    _jobs[job_id] = JobRecord(task)
+    return job_id
+
+
+async def _run_job(job_id: str, coro):
+    rec = _jobs[job_id]
+    try:
+        rec.result = await coro
+        rec.status = "completed"
+    except Exception as exc:  # noqa: BLE001
+        rec.error = str(exc)
+        rec.status = "failed"
+
+
+def get_job_status(job_id: str) -> Dict[str, Any]:
+    rec = _jobs.get(job_id)
+    if not rec:
+        return {"exists": False}
+    return {
+        "exists": True,
+        "status": rec.status,
+        "done": rec.task.done(),
+        "result": rec.result,
+        "error": rec.error,
+    }
+
+