mcp-proxy-adapter 2.0.1__py3-none-any.whl → 6.9.50__py3-none-any.whl

mcp_proxy_adapter/examples/security_test/test_client.py

@@ -0,0 +1,159 @@
+"""
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+
+Main security test client for comprehensive testing.
+"""
+
+import time
+from pathlib import Path
+
+from aiohttp import ClientSession, ClientTimeout, TCPConnector
+
+from .test_result import TestResult
+from .ssl_context_manager import SSLContextManager
+from .auth_manager import AuthManager
+
+
+class SecurityTestClient:
+    """Security test client for comprehensive testing."""
+
+    def __init__(self, base_url: str = "http://localhost:8000"):
+        """
+        Initialize security test client.
+
+        Args:
+            base_url: Base URL for the server
+        """
+        self.base_url = base_url
+        self.session: Optional[ClientSession] = None
+        self.test_results: List[TestResult] = []
+        
+        # Initialize managers
+        project_root = Path(__file__).parent.parent.parent.parent
+        self.ssl_manager = SSLContextManager(project_root)
+        self.auth_manager = AuthManager()
+
+    async def __aenter__(self):
+        """Async context manager entry."""
+        timeout = ClientTimeout(total=30)
+        # Create SSL context only for HTTPS URLs
+        if self.base_url.startswith('https://'):
+            # Check if this is mTLS (ports 20006, 20007, 20008 are mTLS test ports)
+            if any(port in self.base_url for port in ['20006', '20007', '20008']):
+                # Use mTLS context with client certificates
+                ssl_context = self.ssl_manager.create_ssl_context_for_mtls()
+            else:
+                # Use regular HTTPS context
+                ssl_context = self.ssl_manager.create_ssl_context()
+            connector = TCPConnector(ssl=ssl_context)
+        else:
+            # For HTTP URLs, use default connector without SSL
+            connector = TCPConnector()
+        
+        # Create session
+        self.session = ClientSession(timeout=timeout, connector=connector)
+        return self
+
+    async def __aexit__(self, exc_type, exc_val, exc_tb):
+        """Async context manager exit."""
+        if self.session:
+            await self.session.close()
+
+    async def test_health_check(
+        self, server_url: str, auth_type: str = "none", **kwargs
+    ) -> TestResult:
+        """Test health check endpoint."""
+        start_time = time.time()
+        test_name = f"Health Check ({auth_type})"
+        try:
+            headers = self.auth_manager.create_auth_headers(auth_type, **kwargs)
+            async with self.session.get(
+                f"{server_url}/health", headers=headers
+            ) as response:
+                duration = time.time() - start_time
+                if response.status == 200:
+                    data = await response.json()
+                    return TestResult(
+                        test_name=test_name,
+                        server_url=server_url,
+                        auth_type=auth_type,
+                        success=True,
+                        status_code=response.status,
+                        response_data=data,
+                        duration=duration
+                    )
+                else:
+                    error_text = await response.text()
+                    return TestResult(
+                        test_name=test_name,
+                        server_url=server_url,
+                        auth_type=auth_type,
+                        success=False,
+                        status_code=response.status,
+                        error_message=f"HTTP {response.status}: {error_text}",
+                        duration=duration
+                    )
+        except Exception as e:
+            duration = time.time() - start_time
+            return TestResult(
+                test_name=test_name,
+                server_url=server_url,
+                auth_type=auth_type,
+                success=False,
+                error_message=str(e),
+                duration=duration
+            )
+
+    async def test_echo_command(
+        self, server_url: str, auth_type: str = "none", **kwargs
+    ) -> TestResult:
+        """Test echo command endpoint."""
+        start_time = time.time()
+        test_name = f"Echo Command ({auth_type})"
+        try:
+            headers = self.auth_manager.create_auth_headers(auth_type, **kwargs)
+            payload = {
+                "jsonrpc": "2.0",
+                "method": "echo",
+                "params": {"message": "Hello from security test client"},
+                "id": 1
+            }
+            async with self.session.post(
+                f"{server_url}/api/jsonrpc", json=payload, headers=headers
+            ) as response:
+                duration = time.time() - start_time
+                if response.status == 200:
+                    data = await response.json()
+                    return TestResult(
+                        test_name=test_name,
+                        server_url=server_url,
+                        auth_type=auth_type,
+                        success=True,
+                        status_code=response.status,
+                        response_data=data,
+                        duration=duration
+                    )
+                else:
+                    error_text = await response.text()
+                    return TestResult(
+                        test_name=test_name,
+                        server_url=server_url,
+                        auth_type=auth_type,
+                        success=False,
+                        status_code=response.status,
+                        error_message=f"HTTP {response.status}: {error_text}",
+                        duration=duration
+                    )
+        except Exception as e:
+            duration = time.time() - start_time
+            return TestResult(
+                test_name=test_name,
+                server_url=server_url,
+                auth_type=auth_type,
+                success=False,
+                error_message=str(e),
+                duration=duration
+            )
+
+

mcp_proxy_adapter/examples/security_test/test_result.py

@@ -0,0 +1,22 @@
+"""
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+
+Test result data class for security testing.
+"""
+
+from dataclasses import dataclass
+from typing import Dict, Optional
+
+
+@dataclass
+class TestResult:
+    """Test result data class."""
+    test_name: str
+    server_url: str
+    auth_type: str
+    success: bool
+    status_code: Optional[int] = None
+    response_data: Optional[Dict] = None
+    error_message: Optional[str] = None
+    duration: float = 0.0

mcp_proxy_adapter/examples/security_test_client.py

@@ -0,0 +1,72 @@
+#!/usr/bin/env python3
+"""
+Security Test Client for MCP Proxy Adapter
+This client tests various security configurations including:
+- Basic HTTP
+- HTTP + Token authentication
+- HTTPS
+- HTTPS + Token authentication
+- mTLS with certificate authentication
+
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+"""
+import asyncio
+import sys
+from pathlib import Path
+
+# Add project root to path for imports
+current_dir = Path(__file__).parent
+parent_dir = current_dir.parent
+if parent_dir.exists():
+    sys.path.insert(0, str(parent_dir))
+sys.path.insert(0, str(current_dir))
+
+# Import mcp_security_framework components
+try:
+    _MCP_SECURITY_AVAILABLE = True
+    print("✅ mcp_security_framework available")
+except ImportError as e:
+    print(f"❌ CRITICAL ERROR: mcp_security_framework is required but not available!")
+    print(f"❌ Import error: {e}")
+    print("❌ Please install mcp_security_framework: pip install mcp_security_framework")
+    raise ImportError("mcp_security_framework is required for security tests") from e
+
+# Import cryptography components
+try:
+    _CRYPTOGRAPHY_AVAILABLE = True
+    print("✅ cryptography available")
+except ImportError:
+    _CRYPTOGRAPHY_AVAILABLE = False
+    print("⚠️ cryptography not available, SSL validation will be limited")
+
+# Import security test components
+from .security_test import SecurityTestClient
+
+
+async def main():
+    """Main function to run security tests."""
+    print("🚀 Starting MCP Proxy Adapter Security Tests")
+    print("=" * 50)
+    
+    # Define test servers
+    test_servers = [
+        "http://localhost:8080",      # HTTP Basic
+        "http://localhost:8080",      # HTTP + Token
+        "https://localhost:8443",     # HTTPS Basic
+        "https://localhost:8443",     # HTTPS + Token
+        "https://localhost:20006",    # mTLS Basic
+        "https://localhost:20007",    # mTLS + Token
+        "https://localhost:20008",    # mTLS + Roles
+    ]
+    
+    # Run security tests
+    async with SecurityTestClient() as client:
+        results = await client.run_security_tests(test_servers)
+        client.print_summary()
+    
+    print("\\n🎉 Security tests completed!")
+
+
+if __name__ == "__main__":
+    asyncio.run(main())

mcp_proxy_adapter/examples/setup/__init__.py

@@ -0,0 +1,24 @@
+"""
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+
+Test environment setup package for MCP Proxy Adapter.
+"""
+
+from .config_validator import ConfigurationValidator
+from .test_files_generator import create_test_files
+from .config_generator import create_configuration_documentation, generate_enhanced_configurations
+from .certificate_manager import generate_certificates_with_framework
+from .test_runner import test_proxy_registration, run_full_test_suite
+from .environment_setup import setup_test_environment
+
+__all__ = [
+    "ConfigurationValidator",
+    "create_test_files", 
+    "create_configuration_documentation",
+    "generate_enhanced_configurations",
+    "generate_certificates_with_framework",
+    "test_proxy_registration",
+    "run_full_test_suite",
+    "setup_test_environment",
+]

mcp_proxy_adapter/examples/setup/certificate_manager.py

@@ -0,0 +1,215 @@
+"""
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+
+Certificate manager for MCP Proxy Adapter test environment setup.
+"""
+
+import os
+import subprocess
+from pathlib import Path
+from typing import bool
+
+
+def generate_certificates_with_framework(output_dir: Path) -> bool:
+    """
+    Generate certificates using mcp_security_framework if available.
+
+    Args:
+        output_dir: Directory to generate certificates in
+
+    Returns:
+        True if certificates were generated successfully, False otherwise
+    """
+    try:
+        from mcp_security_framework.core.cert_manager import CertificateManager
+            CertificateConfig,
+            CAConfig,
+            ServerCertConfig,
+            ClientCertConfig,
+        )
+
+        print("🔐 Generating certificates using mcp_security_framework...")
+
+        # Create certificate directories
+        certs_dir = output_dir / "certs"
+        keys_dir = output_dir / "keys"
+        certs_dir.mkdir(parents=True, exist_ok=True)
+        keys_dir.mkdir(parents=True, exist_ok=True)
+
+        # Initialize certificate manager
+        cert_manager = CertificateManager()
+
+        # Generate CA certificate
+        ca_config = CAConfig(
+            common_name="MCP Test CA",
+            country="US",
+            state="Test State",
+            city="Test City",
+            organization="MCP Test Org",
+            organizational_unit="Test Unit",
+            validity_days=365
+        )
+
+        ca_cert_path = certs_dir / "ca_cert.pem"
+        ca_key_path = keys_dir / "ca_key.pem"
+
+        print("📜 Generating CA certificate...")
+        cert_manager.generate_ca_certificate(
+            ca_config,
+            str(ca_cert_path),
+            str(ca_key_path)
+        )
+
+        # Generate server certificate
+        server_config = ServerCertConfig(
+            common_name="localhost",
+            san_dns=["localhost", "127.0.0.1"],
+            san_ip=["127.0.0.1", "::1"],
+            validity_days=365
+        )
+
+        server_cert_path = certs_dir / "localhost_server.crt"
+        server_key_path = keys_dir / "server_key.pem"
+
+        print("🖥️ Generating server certificate...")
+        cert_manager.generate_server_certificate(
+            server_config,
+            str(server_cert_path),
+            str(server_key_path),
+            str(ca_cert_path),
+            str(ca_key_path)
+        )
+
+        # Generate client certificate
+        client_config = ClientCertConfig(
+            common_name="test-client",
+            validity_days=365
+        )
+
+        client_cert_path = certs_dir / "client_cert.pem"
+        client_key_path = keys_dir / "client_key.pem"
+
+        print("👤 Generating client certificate...")
+        cert_manager.generate_client_certificate(
+            client_config,
+            str(client_cert_path),
+            str(client_key_path),
+            str(ca_cert_path),
+            str(ca_key_path)
+        )
+
+        print("✅ Certificates generated successfully!")
+        print(f"   CA Certificate: {ca_cert_path}")
+        print(f"   Server Certificate: {server_cert_path}")
+        print(f"   Client Certificate: {client_cert_path}")
+
+        return True
+
+    except ImportError:
+        print("⚠️ mcp_security_framework not available, using OpenSSL fallback...")
+        return _generate_certificates_with_openssl(output_dir)
+    except Exception as e:
+        print(f"❌ Error generating certificates with framework: {e}")
+        print("🔄 Falling back to OpenSSL...")
+        return _generate_certificates_with_openssl(output_dir)
+
+
+def _generate_certificates_with_openssl(output_dir: Path) -> bool:
+    """
+    Generate certificates using OpenSSL as fallback.
+
+    Args:
+        output_dir: Directory to generate certificates in
+
+    Returns:
+        True if certificates were generated successfully, False otherwise
+    """
+    try:
+        print("🔐 Generating certificates using OpenSSL...")
+
+        # Create certificate directories
+        certs_dir = output_dir / "certs"
+        keys_dir = output_dir / "keys"
+        certs_dir.mkdir(parents=True, exist_ok=True)
+        keys_dir.mkdir(parents=True, exist_ok=True)
+
+        # Generate CA private key
+        ca_key_path = keys_dir / "ca_key.pem"
+        subprocess.run([
+            "openssl", "genrsa", "-out", str(ca_key_path), "2048"
+        ], check=True)
+
+        # Generate CA certificate
+        ca_cert_path = certs_dir / "ca_cert.pem"
+        subprocess.run([
+            "openssl", "req", "-new", "-x509", "-key", str(ca_key_path),
+            "-out", str(ca_cert_path), "-days", "365",
+            "-subj", "/C=US/ST=Test/L=Test/O=Test/OU=Test/CN=MCP Test CA"
+        ], check=True)
+
+        # Generate server private key
+        server_key_path = keys_dir / "server_key.pem"
+        subprocess.run([
+            "openssl", "genrsa", "-out", str(server_key_path), "2048"
+        ], check=True)
+
+        # Generate server certificate request
+        server_csr_path = certs_dir / "server.csr"
+        subprocess.run([
+            "openssl", "req", "-new", "-key", str(server_key_path),
+            "-out", str(server_csr_path),
+            "-subj", "/C=US/ST=Test/L=Test/O=Test/OU=Test/CN=localhost"
+        ], check=True)
+
+        # Generate server certificate
+        server_cert_path = certs_dir / "localhost_server.crt"
+        subprocess.run([
+            "openssl", "x509", "-req", "-in", str(server_csr_path),
+            "-CA", str(ca_cert_path), "-CAkey", str(ca_key_path),
+            "-out", str(server_cert_path), "-days", "365",
+            "-CAcreateserial"
+        ], check=True)
+
+        # Generate client private key
+        client_key_path = keys_dir / "client_key.pem"
+        subprocess.run([
+            "openssl", "genrsa", "-out", str(client_key_path), "2048"
+        ], check=True)
+
+        # Generate client certificate request
+        client_csr_path = certs_dir / "client.csr"
+        subprocess.run([
+            "openssl", "req", "-new", "-key", str(client_key_path),
+            "-out", str(client_csr_path),
+            "-subj", "/C=US/ST=Test/L=Test/O=Test/OU=Test/CN=test-client"
+        ], check=True)
+
+        # Generate client certificate
+        client_cert_path = certs_dir / "client_cert.pem"
+        subprocess.run([
+            "openssl", "x509", "-req", "-in", str(client_csr_path),
+            "-CA", str(ca_cert_path), "-CAkey", str(ca_key_path),
+            "-out", str(client_cert_path), "-days", "365"
+        ], check=True)
+
+        # Clean up CSR files
+        server_csr_path.unlink(missing_ok=True)
+        client_csr_path.unlink(missing_ok=True)
+
+        print("✅ Certificates generated successfully with OpenSSL!")
+        print(f"   CA Certificate: {ca_cert_path}")
+        print(f"   Server Certificate: {server_cert_path}")
+        print(f"   Client Certificate: {client_cert_path}")
+
+        return True
+
+    except subprocess.CalledProcessError as e:
+        print(f"❌ OpenSSL command failed: {e}")
+        return False
+    except FileNotFoundError:
+        print("❌ OpenSSL not found. Please install OpenSSL or mcp_security_framework")
+        return False
+    except Exception as e:
+        print(f"❌ Error generating certificates with OpenSSL: {e}")
+        return False

mcp_proxy_adapter/examples/setup/config_generator.py

@@ -0,0 +1,12 @@
+"""
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+
+Configuration generator for MCP Proxy Adapter test environment setup.
+"""
+
+from pathlib import Path
+
+
+
+

mcp_proxy_adapter/examples/setup/config_validator.py

@@ -0,0 +1,118 @@
+"""
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+
+Configuration validator for MCP Proxy Adapter test environment setup.
+"""
+
+from typing import Dict, List, Any, Tuple
+
+
+class ConfigurationValidator:
+    """
+    Validates MCP Proxy Adapter configurations for mutually exclusive settings
+    and protocol compatibility.
+    """
+
+    def __init__(self):
+        self.errors: List[str] = []
+        self.warnings: List[str] = []
+
+
+    def _validate_protocol_settings(
+        self, config: Dict[str, Any], config_name: str
+    ) -> None:
+        """Validate protocol configuration settings."""
+        protocols = config.get("protocols", {})
+
+        if not protocols.get("enabled", False):
+            self.warnings.append(
+                f"⚠️ {config_name}: Protocol middleware is disabled - all protocols will be allowed"
+            )
+            return
+
+        allowed_protocols = protocols.get("allowed_protocols", [])
+        if not allowed_protocols:
+            self.errors.append(
+                f"❌ {config_name}: No allowed protocols specified when protocol middleware is enabled"
+            )
+            return
+
+        # Check for invalid protocol combinations
+        if "http" in allowed_protocols and "https" in allowed_protocols:
+            self.warnings.append(
+                f"⚠️ {config_name}: Both HTTP and HTTPS protocols are allowed - consider security implications"
+            )
+
+        if "mtls" in allowed_protocols and "http" in allowed_protocols:
+            self.errors.append(
+                f"❌ {config_name}: mTLS and HTTP protocols are mutually exclusive - mTLS requires HTTPS"
+            )
+
+    def _validate_ssl_settings(self, config: Dict[str, Any], config_name: str) -> None:
+        """Validate SSL/TLS configuration settings."""
+        security = config.get("security", {})
+        ssl = security.get("ssl", {})
+
+        if not ssl.get("enabled", False):
+            return
+
+        # Check certificate file requirements
+        cert_file = ssl.get("server_cert_file")
+        key_file = ssl.get("server_key_file")
+
+        if not cert_file or not key_file:
+            self.errors.append(
+                f"❌ {config_name}: SSL enabled but server certificate or key file not specified"
+            )
+
+        # Check CA certificate requirements
+        ca_cert_file = ssl.get("ca_cert_file")
+        verify_server = ssl.get("verify_server", True)
+
+        if verify_server and not ca_cert_file:
+            self.warnings.append(
+                f"⚠️ {config_name}: Server verification enabled but no CA certificate specified"
+            )
+
+    def _validate_mtls_settings(self, config: Dict[str, Any], config_name: str) -> None:
+        """Validate mTLS configuration settings."""
+        security = config.get("security", {})
+        ssl = security.get("ssl", {})
+
+        if not ssl.get("enabled", False):
+            return
+
+        # Check if mTLS is configured
+        client_cert_file = ssl.get("client_cert_file")
+        client_key_file = ssl.get("client_key_file")
+        verify_client = ssl.get("verify_client", False)
+
+        if verify_client and (not client_cert_file or not client_key_file):
+            self.errors.append(
+                f"❌ {config_name}: Client verification enabled but client certificate or key file not specified"
+            )
+
+        # Check protocol compatibility
+        protocols = config.get("protocols", {})
+        if protocols.get("enabled", False):
+            allowed_protocols = protocols.get("allowed_protocols", [])
+            if verify_client and "mtls" not in allowed_protocols:
+                self.warnings.append(
+                    f"⚠️ {config_name}: Client verification enabled but 'mtls' not in allowed protocols"
+                )
+
+    def _validate_auth_settings(self, config: Dict[str, Any], config_name: str) -> None:
+        """Validate authentication configuration settings."""
+        security = config.get("security", {})
+        auth = security.get("auth", {})
+
+        if not auth.get("enabled", False):
+            return
+
+        # Check token requirements
+        token_required = auth.get("token_required", False)
+        if token_required and not auth.get("token_secret"):
+            self.errors.append(
+                f"❌ {config_name}: Token authentication enabled but no token secret specified"
+            )

mcp_proxy_adapter/examples/setup/environment_setup.py

@@ -0,0 +1,62 @@
+"""
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+
+Environment setup for MCP Proxy Adapter test environment.
+"""
+
+import shutil
+from pathlib import Path
+from typing import bool
+
+from .config_generator import create_configuration_documentation, generate_enhanced_configurations
+from .test_files_generator import create_test_files
+from .certificate_manager import generate_certificates_with_framework
+
+
+
+
+def _create_directory_structure(output_dir: Path) -> None:
+    """Create the required directory structure."""
+    directories = [
+        "configs",
+        "certs", 
+        "keys",
+        "docs",
+        "examples",
+        "logs"
+    ]
+    
+    for directory in directories:
+        dir_path = output_dir / directory
+        dir_path.mkdir(parents=True, exist_ok=True)
+        print(f"   Created: {dir_path}")
+
+
+def _copy_example_files(output_dir: Path) -> None:
+    """Copy example files from the package."""
+    try:
+        # Get package paths
+        package_path = Path(__file__).parent.parent.parent.parent
+        examples_path = package_path / "examples"
+        
+        # Copy example files
+        examples_dest = output_dir / "examples"
+        if examples_path.exists():
+            shutil.copytree(examples_path, examples_dest, dirs_exist_ok=True)
+            print(f"   Copied examples to: {examples_dest}")
+        else:
+            print("   ⚠️ Examples directory not found, skipping...")
+            
+    except Exception as e:
+        print(f"   ⚠️ Error copying example files: {e}")
+
+
+def _create_setup_completion_marker(output_dir: Path) -> None:
+    """Create a marker file indicating setup completion."""
+    marker_file = output_dir / ".setup_complete"
+    with open(marker_file, "w", encoding="utf-8") as f:
+        f.write("MCP Proxy Adapter test environment setup completed successfully.\n")
+        f.write("Generated by setup_test_environment.py\n")
+    
+    print(f"   Created setup marker: {marker_file}")