mcp-proxy-adapter 4.1.0__py3-none-any.whl → 6.0.0__py3-none-any.whl

Files changed (101) hide show
  1. mcp_proxy_adapter/__main__.py +12 -0
  2. mcp_proxy_adapter/api/app.py +138 -11
  3. mcp_proxy_adapter/api/handlers.py +16 -1
  4. mcp_proxy_adapter/api/middleware/__init__.py +30 -29
  5. mcp_proxy_adapter/api/middleware/auth_adapter.py +235 -0
  6. mcp_proxy_adapter/api/middleware/error_handling.py +9 -0
  7. mcp_proxy_adapter/api/middleware/factory.py +219 -0
  8. mcp_proxy_adapter/api/middleware/logging.py +32 -6
  9. mcp_proxy_adapter/api/middleware/mtls_adapter.py +305 -0
  10. mcp_proxy_adapter/api/middleware/mtls_middleware.py +296 -0
  11. mcp_proxy_adapter/api/middleware/protocol_middleware.py +135 -0
  12. mcp_proxy_adapter/api/middleware/rate_limit_adapter.py +241 -0
  13. mcp_proxy_adapter/api/middleware/roles_adapter.py +365 -0
  14. mcp_proxy_adapter/api/middleware/roles_middleware.py +381 -0
  15. mcp_proxy_adapter/api/middleware/security.py +376 -0
  16. mcp_proxy_adapter/api/middleware/token_auth_middleware.py +261 -0
  17. mcp_proxy_adapter/api/middleware/transport_middleware.py +122 -0
  18. mcp_proxy_adapter/commands/__init__.py +13 -4
  19. mcp_proxy_adapter/commands/auth_validation_command.py +408 -0
  20. mcp_proxy_adapter/commands/base.py +61 -30
  21. mcp_proxy_adapter/commands/builtin_commands.py +89 -0
  22. mcp_proxy_adapter/commands/catalog_manager.py +838 -0
  23. mcp_proxy_adapter/commands/cert_monitor_command.py +620 -0
  24. mcp_proxy_adapter/commands/certificate_management_command.py +608 -0
  25. mcp_proxy_adapter/commands/command_registry.py +705 -345
  26. mcp_proxy_adapter/commands/dependency_manager.py +245 -0
  27. mcp_proxy_adapter/commands/health_command.py +7 -0
  28. mcp_proxy_adapter/commands/hooks.py +200 -167
  29. mcp_proxy_adapter/commands/key_management_command.py +506 -0
  30. mcp_proxy_adapter/commands/load_command.py +176 -0
  31. mcp_proxy_adapter/commands/plugins_command.py +235 -0
  32. mcp_proxy_adapter/commands/protocol_management_command.py +232 -0
  33. mcp_proxy_adapter/commands/proxy_registration_command.py +268 -0
  34. mcp_proxy_adapter/commands/reload_command.py +48 -50
  35. mcp_proxy_adapter/commands/result.py +1 -0
  36. mcp_proxy_adapter/commands/roles_management_command.py +697 -0
  37. mcp_proxy_adapter/commands/ssl_setup_command.py +483 -0
  38. mcp_proxy_adapter/commands/token_management_command.py +529 -0
  39. mcp_proxy_adapter/commands/transport_management_command.py +144 -0
  40. mcp_proxy_adapter/commands/unload_command.py +158 -0
  41. mcp_proxy_adapter/config.py +99 -2
  42. mcp_proxy_adapter/core/auth_validator.py +606 -0
  43. mcp_proxy_adapter/core/certificate_utils.py +827 -0
  44. mcp_proxy_adapter/core/config_converter.py +405 -0
  45. mcp_proxy_adapter/core/config_validator.py +218 -0
  46. mcp_proxy_adapter/core/logging.py +11 -0
  47. mcp_proxy_adapter/core/protocol_manager.py +226 -0
  48. mcp_proxy_adapter/core/proxy_registration.py +270 -0
  49. mcp_proxy_adapter/core/role_utils.py +426 -0
  50. mcp_proxy_adapter/core/security_adapter.py +373 -0
  51. mcp_proxy_adapter/core/security_factory.py +239 -0
  52. mcp_proxy_adapter/core/settings.py +1 -0
  53. mcp_proxy_adapter/core/ssl_utils.py +233 -0
  54. mcp_proxy_adapter/core/transport_manager.py +292 -0
  55. mcp_proxy_adapter/custom_openapi.py +22 -11
  56. mcp_proxy_adapter/examples/basic_server/config.json +58 -23
  57. mcp_proxy_adapter/examples/basic_server/config_all_protocols.json +54 -0
  58. mcp_proxy_adapter/examples/basic_server/config_http.json +70 -0
  59. mcp_proxy_adapter/examples/basic_server/config_http_only.json +52 -0
  60. mcp_proxy_adapter/examples/basic_server/config_https.json +58 -0
  61. mcp_proxy_adapter/examples/basic_server/config_mtls.json +58 -0
  62. mcp_proxy_adapter/examples/basic_server/config_ssl.json +46 -0
  63. mcp_proxy_adapter/examples/basic_server/server.py +17 -1
  64. mcp_proxy_adapter/examples/custom_commands/__init__.py +1 -1
  65. mcp_proxy_adapter/examples/custom_commands/advanced_hooks.py +339 -23
  66. mcp_proxy_adapter/examples/custom_commands/auto_commands/test_command.py +105 -0
  67. mcp_proxy_adapter/examples/custom_commands/catalog/commands/test_command.py +129 -0
  68. mcp_proxy_adapter/examples/custom_commands/config.json +97 -41
  69. mcp_proxy_adapter/examples/custom_commands/config_all_protocols.json +46 -0
  70. mcp_proxy_adapter/examples/custom_commands/config_https_only.json +46 -0
  71. mcp_proxy_adapter/examples/custom_commands/config_https_transport.json +33 -0
  72. mcp_proxy_adapter/examples/custom_commands/config_mtls_only.json +46 -0
  73. mcp_proxy_adapter/examples/custom_commands/config_mtls_transport.json +33 -0
  74. mcp_proxy_adapter/examples/custom_commands/config_single_transport.json +33 -0
  75. mcp_proxy_adapter/examples/custom_commands/full_help_response.json +1 -0
  76. mcp_proxy_adapter/examples/custom_commands/generated_openapi.json +629 -0
  77. mcp_proxy_adapter/examples/custom_commands/get_openapi.py +103 -0
  78. mcp_proxy_adapter/examples/custom_commands/loadable_commands/test_ignored.py +129 -0
  79. mcp_proxy_adapter/examples/custom_commands/proxy_connection_manager.py +278 -0
  80. mcp_proxy_adapter/examples/custom_commands/server.py +92 -63
  81. mcp_proxy_adapter/examples/custom_commands/simple_openapi_server.py +75 -0
  82. mcp_proxy_adapter/examples/custom_commands/start_server_with_proxy_manager.py +299 -0
  83. mcp_proxy_adapter/examples/custom_commands/start_server_with_registration.py +278 -0
  84. mcp_proxy_adapter/examples/custom_commands/test_openapi.py +27 -0
  85. mcp_proxy_adapter/examples/custom_commands/test_registry.py +23 -0
  86. mcp_proxy_adapter/examples/custom_commands/test_simple.py +19 -0
  87. mcp_proxy_adapter/examples/custom_project_example/README.md +103 -0
  88. mcp_proxy_adapter/examples/custom_project_example/README_EN.md +103 -0
  89. mcp_proxy_adapter/examples/simple_custom_commands/README.md +149 -0
  90. mcp_proxy_adapter/examples/simple_custom_commands/README_EN.md +149 -0
  91. mcp_proxy_adapter/main.py +175 -0
  92. mcp_proxy_adapter/schemas/roles_schema.json +162 -0
  93. mcp_proxy_adapter/tests/unit/test_config.py +53 -0
  94. mcp_proxy_adapter/version.py +1 -1
  95. {mcp_proxy_adapter-4.1.0.dist-info → mcp_proxy_adapter-6.0.0.dist-info}/METADATA +2 -1
  96. mcp_proxy_adapter-6.0.0.dist-info/RECORD +179 -0
  97. mcp_proxy_adapter/commands/reload_settings_command.py +0 -125
  98. mcp_proxy_adapter-4.1.0.dist-info/RECORD +0 -110
  99. {mcp_proxy_adapter-4.1.0.dist-info → mcp_proxy_adapter-6.0.0.dist-info}/WHEEL +0 -0
  100. {mcp_proxy_adapter-4.1.0.dist-info → mcp_proxy_adapter-6.0.0.dist-info}/licenses/LICENSE +0 -0
  101. {mcp_proxy_adapter-4.1.0.dist-info → mcp_proxy_adapter-6.0.0.dist-info}/top_level.txt +0 -0
@@ -0,0 +1,122 @@
1
+ """
2
+ Transport Middleware Module
3
+
4
+ This module provides middleware for transport validation in the MCP Proxy Adapter.
5
+ """
6
+
7
+ from typing import Callable
8
+ from fastapi import Request, Response
9
+ from fastapi.responses import JSONResponse
10
+ from starlette.middleware.base import BaseHTTPMiddleware
11
+
12
+ from mcp_proxy_adapter.core.transport_manager import transport_manager
13
+ from mcp_proxy_adapter.core.logging import logger
14
+
15
+
16
+ class TransportMiddleware(BaseHTTPMiddleware):
17
+ """Middleware for transport validation."""
18
+
19
+ def __init__(self, app, transport_manager_instance=None):
20
+ """
21
+ Initialize transport middleware.
22
+
23
+ Args:
24
+ app: FastAPI application
25
+ transport_manager_instance: Transport manager instance (optional)
26
+ """
27
+ super().__init__(app)
28
+ self.transport_manager = transport_manager_instance or transport_manager
29
+
30
+ async def dispatch(self, request: Request, call_next: Callable) -> Response:
31
+ """
32
+ Process request through transport middleware.
33
+
34
+ Args:
35
+ request: Incoming request
36
+ call_next: Next middleware/endpoint
37
+
38
+ Returns:
39
+ Response from next middleware/endpoint or error response
40
+ """
41
+ # Determine transport type from request
42
+ transport_type = self._get_request_transport_type(request)
43
+
44
+ # Check if request matches configured transport
45
+ if not self._is_transport_allowed(transport_type):
46
+ configured_type = self.transport_manager.get_transport_type()
47
+ configured_type_str = configured_type.value if configured_type else "not configured"
48
+ logger.warning(f"Transport not allowed: {transport_type} for {request.url}")
49
+ return JSONResponse(
50
+ status_code=403,
51
+ content={
52
+ "error": "Transport not allowed",
53
+ "message": f"Transport '{transport_type}' is not allowed. Configured transport: {configured_type_str}",
54
+ "configured_transport": configured_type_str,
55
+ "request_url": str(request.url)
56
+ }
57
+ )
58
+
59
+ # Add transport info to request state
60
+ request.state.transport_type = transport_type
61
+ request.state.transport_allowed = True
62
+
63
+ response = await call_next(request)
64
+ return response
65
+
66
+ def _get_request_transport_type(self, request: Request) -> str:
67
+ """
68
+ Determine transport type from request.
69
+
70
+ Args:
71
+ request: Incoming request
72
+
73
+ Returns:
74
+ Transport type string
75
+ """
76
+ if request.url.scheme == "https":
77
+ # Check for client certificate for MTLS
78
+ if self._has_client_certificate(request):
79
+ return "mtls"
80
+ return "https"
81
+ return "http"
82
+
83
+ def _has_client_certificate(self, request: Request) -> bool:
84
+ """
85
+ Check if request has client certificate.
86
+
87
+ Args:
88
+ request: Incoming request
89
+
90
+ Returns:
91
+ True if client certificate is present, False otherwise
92
+ """
93
+ # Check for client certificate in request headers or SSL context
94
+ # This is a simplified check - in production, you might need more sophisticated detection
95
+ client_cert_header = request.headers.get("ssl-client-cert")
96
+ if client_cert_header:
97
+ return True
98
+
99
+ # Check if request has SSL client certificate context
100
+ if hasattr(request, "client") and request.client:
101
+ # In a real implementation, you would check the SSL context
102
+ # For now, we'll assume HTTPS with client cert is MTLS
103
+ return self.transport_manager.is_mtls()
104
+
105
+ return False
106
+
107
+ def _is_transport_allowed(self, transport_type: str) -> bool:
108
+ """
109
+ Check if transport type is allowed.
110
+
111
+ Args:
112
+ transport_type: Transport type to check
113
+
114
+ Returns:
115
+ True if transport is allowed, False otherwise
116
+ """
117
+ configured_type = self.transport_manager.get_transport_type()
118
+ if not configured_type:
119
+ logger.error("Transport not configured")
120
+ return False
121
+
122
+ return transport_type == configured_type.value
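Review bot: `_has_client_certificate` classifies a request as mTLS as soon as it carries an `ssl-client-cert` header, and that header is whatever the sender put there unless a trusted TLS-terminating proxy strips and re-sets it; nothing in this file checks the peer. The fallback is circular as well: when `request.client` is set it returns `self.transport_manager.is_mtls()`, so on a server configured for mTLS every HTTPS request is labelled `mtls` and passes `_is_transport_allowed` whether or not a certificate was presented. The middleware therefore checks the URL scheme, not client authentication, and a `request.state.transport_type` of `mtls` should not be read downstream as proof of a verified certificate. I would drop the header branch (or gate it on a configured trusted-proxy address) and state the dependency in the docstring, e.g. `Does not verify the client certificate; the TLS listener must require one.` Separately, the 403 body in `dispatch` echoes `configured_transport` and `request_url` to an unauthenticated caller, which is worth trimming to the error string.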
@@ -6,9 +6,12 @@ from mcp_proxy_adapter.commands.base import Command
6
6
  from mcp_proxy_adapter.commands.command_registry import registry, CommandRegistry
7
7
  from mcp_proxy_adapter.commands.dependency_container import container, DependencyContainer
8
8
  from mcp_proxy_adapter.commands.result import CommandResult, SuccessResult, ErrorResult
9
-
10
- # Automatically discover and register commands
11
- registry.discover_commands()
9
+ from mcp_proxy_adapter.commands.auth_validation_command import AuthValidationCommand
10
+ from mcp_proxy_adapter.commands.ssl_setup_command import SSLSetupCommand
11
+ from mcp_proxy_adapter.commands.certificate_management_command import CertificateManagementCommand
12
+ from mcp_proxy_adapter.commands.key_management_command import KeyManagementCommand
13
+ from mcp_proxy_adapter.commands.cert_monitor_command import CertMonitorCommand
14
+ from mcp_proxy_adapter.commands.transport_management_command import TransportManagementCommand
12
15
 
13
16
  __all__ = [
14
17
  "Command",
@@ -18,5 +21,11 @@ __all__ = [
18
21
  "registry",
19
22
  "CommandRegistry",
20
23
  "container",
21
- "DependencyContainer"
24
+ "DependencyContainer",
25
+ "AuthValidationCommand",
26
+ "SSLSetupCommand",
27
+ "CertificateManagementCommand",
28
+ "KeyManagementCommand",
29
+ "CertMonitorCommand",
30
+ "TransportManagementCommand"
22
31
  ]
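Review bot: The import-time `registry.discover_commands()` call is removed without a comment saying where registration now happens, so code that only imports `mcp_proxy_adapter.commands` and expects a populated registry may find it empty unless another module (not visible in this section) performs the discovery. A short comment above the new imports would settle it, e.g. `# Commands are no longer discovered at import time; see <module that registers them>.` The six added imports are also eager, so a failure importing any of them (presumably they pull in certificate and key handling code) makes the whole package unimportable; confirm that is intended for deployments that do not use the security commands.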
@@ -0,0 +1,408 @@
1
+ """
2
+ Authentication Validation Commands
3
+
4
+ This module provides commands for validating different types of authentication:
5
+ - Universal authentication validation
6
+ - Certificate validation
7
+ - Token validation
8
+ - mTLS validation
9
+ - SSL validation
10
+
11
+ Author: MCP Proxy Adapter Team
12
+ Version: 1.0.0
13
+ """
14
+
15
+ import logging
16
+ from typing import Dict, List, Any, Optional, Union
17
+
18
+ from ..commands.base import Command
19
+ from ..commands.result import SuccessResult, ErrorResult
20
+ from ..core.auth_validator import AuthValidator, AuthValidationResult
21
+
22
+
23
+ class AuthValidationCommand(Command):
24
+ """
25
+ Authentication validation commands.
26
+
27
+ Provides commands for validating different types of authentication
28
+ using the universal AuthValidator.
29
+ """
30
+
31
+ def __init__(self):
32
+ """Initialize authentication validation command."""
33
+ super().__init__()
34
+ self.validator = AuthValidator()
35
+ self.logger = logging.getLogger(__name__)
36
+
37
+ async def auth_validate(self, auth_data: Dict[str, Any]) -> Union[SuccessResult, ErrorResult]:
38
+ """
39
+ Universal authentication validation.
40
+
41
+ Validates authentication data based on the provided type.
42
+ Supports certificate, token, mTLS, and SSL validation.
43
+
44
+ Args:
45
+ auth_data: Authentication data dictionary containing:
46
+ - auth_type: Type of authentication (auto/certificate/token/mtls/ssl)
47
+ - cert_path: Path to certificate file (for certificate/mtls/ssl)
48
+ - cert_type: Type of certificate (server/client/ca)
49
+ - token: Token string (for token validation)
50
+ - token_type: Type of token (jwt/api)
51
+ - client_cert: Path to client certificate (for mTLS)
52
+ - ca_cert: Path to CA certificate (for mTLS)
53
+ - server_cert: Path to server certificate (for SSL)
54
+
55
+ Returns:
56
+ CommandResult with validation status and extracted roles
57
+ """
58
+ try:
59
+ auth_type = auth_data.get("auth_type", "auto")
60
+
61
+ # Perform validation
62
+ result = self.validator.validate_auth(auth_data, auth_type)
63
+
64
+ if result.is_valid:
65
+ return SuccessResult(
66
+ data={
67
+ "valid": True,
68
+ "roles": result.roles,
69
+ "auth_type": auth_type
70
+ }
71
+ )
72
+ else:
73
+ error_data = result.to_json_rpc_error()
74
+ return ErrorResult(
75
+ message=error_data["message"],
76
+ code=error_data["code"]
77
+ )
78
+
79
+ except Exception as e:
80
+ self.logger.error(f"Authentication validation error: {e}")
81
+ return ErrorResult(
82
+ message=f"Internal authentication validation error: {str(e)}",
83
+ code=-32603
84
+ )
85
+
86
+ async def auth_validate_cert(self, cert_path: str, cert_type: str = "server") -> Union[SuccessResult, ErrorResult]:
87
+ """
88
+ Validate certificate.
89
+
90
+ Validates a certificate file and extracts roles if present.
91
+
92
+ Args:
93
+ cert_path: Path to certificate file
94
+ cert_type: Type of certificate (server/client/ca)
95
+
96
+ Returns:
97
+ CommandResult with certificate validation status and roles
98
+ """
99
+ try:
100
+ # Perform certificate validation
101
+ result = self.validator.validate_certificate(cert_path, cert_type)
102
+
103
+ if result.is_valid:
104
+ return SuccessResult(
105
+ data={
106
+ "valid": True,
107
+ "cert_path": cert_path,
108
+ "cert_type": cert_type,
109
+ "roles": result.roles
110
+ }
111
+ )
112
+ else:
113
+ error_data = result.to_json_rpc_error()
114
+ return ErrorResult(
115
+ message=error_data["message"],
116
+ code=error_data["code"]
117
+ )
118
+
119
+ except Exception as e:
120
+ self.logger.error(f"Certificate validation error: {e}")
121
+ return ErrorResult(
122
+ message=f"Internal certificate validation error: {str(e)}",
123
+ code=-32603
124
+ )
125
+
126
+ async def auth_validate_token(self, token: str, token_type: str = "jwt") -> Union[SuccessResult, ErrorResult]:
127
+ """
128
+ Validate token.
129
+
130
+ Validates a token and extracts roles if present.
131
+
132
+ Args:
133
+ token: Token string to validate
134
+ token_type: Type of token (jwt/api)
135
+
136
+ Returns:
137
+ CommandResult with token validation status and roles
138
+ """
139
+ try:
140
+ # Perform token validation
141
+ result = self.validator.validate_token(token, token_type)
142
+
143
+ if result.is_valid:
144
+ return SuccessResult(
145
+ data={
146
+ "valid": True,
147
+ "token_type": token_type,
148
+ "roles": result.roles
149
+ }
150
+ )
151
+ else:
152
+ error_data = result.to_json_rpc_error()
153
+ return ErrorResult(
154
+ message=error_data["message"],
155
+ code=error_data["code"]
156
+ )
157
+
158
+ except Exception as e:
159
+ self.logger.error(f"Token validation error: {e}")
160
+ return ErrorResult(
161
+ message=f"Internal token validation error: {str(e)}",
162
+ code=-32603
163
+ )
164
+
165
+ async def auth_validate_mtls(self, client_cert: str, ca_cert: str) -> Union[SuccessResult, ErrorResult]:
166
+ """
167
+ Validate mTLS connection.
168
+
169
+ Validates client certificate against CA certificate and extracts roles.
170
+
171
+ Args:
172
+ client_cert: Path to client certificate
173
+ ca_cert: Path to CA certificate
174
+
175
+ Returns:
176
+ CommandResult with mTLS validation status and roles
177
+ """
178
+ try:
179
+ # Perform mTLS validation
180
+ result = self.validator.validate_mtls(client_cert, ca_cert)
181
+
182
+ if result.is_valid:
183
+ return SuccessResult(
184
+ data={
185
+ "valid": True,
186
+ "client_cert": client_cert,
187
+ "ca_cert": ca_cert,
188
+ "roles": result.roles
189
+ }
190
+ )
191
+ else:
192
+ error_data = result.to_json_rpc_error()
193
+ return ErrorResult(
194
+ message=error_data["message"],
195
+ code=error_data["code"]
196
+ )
197
+
198
+ except Exception as e:
199
+ self.logger.error(f"mTLS validation error: {e}")
200
+ return ErrorResult(
201
+ message=f"Internal mTLS validation error: {str(e)}",
202
+ code=-32603
203
+ )
204
+
205
+ async def auth_validate_ssl(self, server_cert: str) -> Union[SuccessResult, ErrorResult]:
206
+ """
207
+ Validate SSL connection.
208
+
209
+ Validates server certificate and extracts roles if present.
210
+
211
+ Args:
212
+ server_cert: Path to server certificate
213
+
214
+ Returns:
215
+ CommandResult with SSL validation status and roles
216
+ """
217
+ try:
218
+ # Perform SSL validation
219
+ result = self.validator.validate_ssl(server_cert)
220
+
221
+ if result.is_valid:
222
+ return SuccessResult(
223
+ data={
224
+ "valid": True,
225
+ "server_cert": server_cert,
226
+ "roles": result.roles
227
+ }
228
+ )
229
+ else:
230
+ error_data = result.to_json_rpc_error()
231
+ return ErrorResult(
232
+ message=error_data["message"],
233
+ code=error_data["code"]
234
+ )
235
+
236
+ except Exception as e:
237
+ self.logger.error(f"SSL validation error: {e}")
238
+ return ErrorResult(
239
+ message=f"Internal SSL validation error: {str(e)}",
240
+ code=-32603
241
+ )
242
+
243
+ async def execute(self, **kwargs) -> Union[SuccessResult, ErrorResult]:
244
+ """
245
+ Execute authentication validation command.
246
+
247
+ This is a placeholder method to satisfy the abstract base class.
248
+ Individual validation methods should be called directly.
249
+
250
+ Args:
251
+ **kwargs: Command parameters
252
+
253
+ Returns:
254
+ Command result
255
+ """
256
+ return ErrorResult(
257
+ message="Method not found. Use specific validation methods instead.",
258
+ code=-32601
259
+ )
260
+
261
+ @classmethod
262
+ def get_schema(cls) -> Dict[str, Any]:
263
+ """
264
+ Get command schema for documentation.
265
+
266
+ Returns:
267
+ Dictionary containing command schema
268
+ """
269
+ return {
270
+ "auth_validate": {
271
+ "description": "Universal authentication validation",
272
+ "parameters": {
273
+ "auth_data": {
274
+ "type": "object",
275
+ "description": "Authentication data dictionary",
276
+ "properties": {
277
+ "auth_type": {
278
+ "type": "string",
279
+ "enum": ["auto", "certificate", "token", "mtls", "ssl"],
280
+ "description": "Type of authentication to validate"
281
+ },
282
+ "cert_path": {
283
+ "type": "string",
284
+ "description": "Path to certificate file"
285
+ },
286
+ "cert_type": {
287
+ "type": "string",
288
+ "enum": ["server", "client", "ca"],
289
+ "description": "Type of certificate"
290
+ },
291
+ "token": {
292
+ "type": "string",
293
+ "description": "Token string to validate"
294
+ },
295
+ "token_type": {
296
+ "type": "string",
297
+ "enum": ["jwt", "api"],
298
+ "description": "Type of token"
299
+ },
300
+ "client_cert": {
301
+ "type": "string",
302
+ "description": "Path to client certificate (for mTLS)"
303
+ },
304
+ "ca_cert": {
305
+ "type": "string",
306
+ "description": "Path to CA certificate (for mTLS)"
307
+ },
308
+ "server_cert": {
309
+ "type": "string",
310
+ "description": "Path to server certificate (for SSL)"
311
+ }
312
+ }
313
+ }
314
+ },
315
+ "returns": {
316
+ "type": "object",
317
+ "properties": {
318
+ "valid": {"type": "boolean"},
319
+ "roles": {"type": "array", "items": {"type": "string"}},
320
+ "auth_type": {"type": "string"}
321
+ }
322
+ }
323
+ },
324
+ "auth_validate_cert": {
325
+ "description": "Validate certificate",
326
+ "parameters": {
327
+ "cert_path": {
328
+ "type": "string",
329
+ "description": "Path to certificate file"
330
+ },
331
+ "cert_type": {
332
+ "type": "string",
333
+ "enum": ["server", "client", "ca"],
334
+ "description": "Type of certificate"
335
+ }
336
+ },
337
+ "returns": {
338
+ "type": "object",
339
+ "properties": {
340
+ "valid": {"type": "boolean"},
341
+ "cert_path": {"type": "string"},
342
+ "cert_type": {"type": "string"},
343
+ "roles": {"type": "array", "items": {"type": "string"}}
344
+ }
345
+ }
346
+ },
347
+ "auth_validate_token": {
348
+ "description": "Validate token",
349
+ "parameters": {
350
+ "token": {
351
+ "type": "string",
352
+ "description": "Token string to validate"
353
+ },
354
+ "token_type": {
355
+ "type": "string",
356
+ "enum": ["jwt", "api"],
357
+ "description": "Type of token"
358
+ }
359
+ },
360
+ "returns": {
361
+ "type": "object",
362
+ "properties": {
363
+ "valid": {"type": "boolean"},
364
+ "token_type": {"type": "string"},
365
+ "roles": {"type": "array", "items": {"type": "string"}}
366
+ }
367
+ }
368
+ },
369
+ "auth_validate_mtls": {
370
+ "description": "Validate mTLS connection",
371
+ "parameters": {
372
+ "client_cert": {
373
+ "type": "string",
374
+ "description": "Path to client certificate"
375
+ },
376
+ "ca_cert": {
377
+ "type": "string",
378
+ "description": "Path to CA certificate"
379
+ }
380
+ },
381
+ "returns": {
382
+ "type": "object",
383
+ "properties": {
384
+ "valid": {"type": "boolean"},
385
+ "client_cert": {"type": "string"},
386
+ "ca_cert": {"type": "string"},
387
+ "roles": {"type": "array", "items": {"type": "string"}}
388
+ }
389
+ }
390
+ },
391
+ "auth_validate_ssl": {
392
+ "description": "Validate SSL connection",
393
+ "parameters": {
394
+ "server_cert": {
395
+ "type": "string",
396
+ "description": "Path to server certificate"
397
+ }
398
+ },
399
+ "returns": {
400
+ "type": "object",
401
+ "properties": {
402
+ "valid": {"type": "boolean"},
403
+ "server_cert": {"type": "string"},
404
+ "roles": {"type": "array", "items": {"type": "string"}}
405
+ }
406
+ }
407
+ }
408
+ }
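Review bot: Each `except Exception` branch returns `str(e)` to the caller inside the `ErrorResult` message (`auth_validate` and the four `auth_validate_*` methods all do this), which can expose filesystem paths, parser errors or library internals from the validator to whoever invoked the command. Return a fixed message and keep the detail in the log: `self.logger.exception("Authentication validation error")` followed by `return ErrorResult(message="Internal authentication validation error", code=-32603)`. The path parameters (`cert_path`, `client_cert`, `ca_cert`, `server_cert`) are passed to the validator as given, so if these methods are reachable from remote callers they should be restricted to a configured certificate directory; whether `AuthValidator` already does that is not visible here. `auth_validate` also reports the requested `auth_type` (possibly `auto`) rather than the type that was actually validated.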