mcp-proxy-adapter 4.1.1__py3-none-any.whl → 6.0.1__py3-none-any.whl

mcp_proxy_adapter/core/client_manager.py

@@ -0,0 +1,284 @@
+"""
+Client Manager for MCP Proxy Adapter Framework
+
+This module provides client management functionality for the MCP Proxy Adapter framework.
+It handles client creation, connection management, and proxy registration.
+
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+"""
+
+import asyncio
+import json
+import logging
+from typing import Dict, Any, Optional, List
+from pathlib import Path
+
+from .client import UniversalClient, create_client_from_config
+
+
+class ClientManager:
+    """
+    Manages client connections and proxy registrations.
+    
+    This class provides functionality for:
+    - Creating and managing client connections
+    - Proxy registration
+    - Connection pooling
+    - Authentication management
+    """
+    
+    def __init__(self, config: Dict[str, Any]):
+        """
+        Initialize client manager.
+        
+        Args:
+            config: Client manager configuration
+        """
+        self.config = config
+        self.logger = logging.getLogger(__name__)
+        self.clients: Dict[str, UniversalClient] = {}
+        self.connection_pool: Dict[str, UniversalClient] = {}
+        
+        # Client manager settings
+        self.max_connections = config.get("max_connections", 10)
+        self.connection_timeout = config.get("connection_timeout", 30)
+        self.retry_attempts = config.get("retry_attempts", 3)
+        self.retry_delay = config.get("retry_delay", 1)
+        
+        self.logger.info("Client manager initialized")
+    
+    async def create_client(self, client_id: str, config_file: str) -> UniversalClient:
+        """
+        Create a new client instance.
+        
+        Args:
+            client_id: Unique identifier for the client
+            config_file: Path to client configuration file
+            
+        Returns:
+            UniversalClient instance
+        """
+        try:
+            if client_id in self.clients:
+                self.logger.warning(f"Client {client_id} already exists, reusing existing connection")
+                return self.clients[client_id]
+            
+            client = create_client_from_config(config_file)
+            self.clients[client_id] = client
+            
+            self.logger.info(f"Client {client_id} created successfully")
+            return client
+            
+        except Exception as e:
+            self.logger.error(f"Failed to create client {client_id}: {e}")
+            raise
+    
+    async def get_client(self, client_id: str) -> Optional[UniversalClient]:
+        """
+        Get an existing client instance.
+        
+        Args:
+            client_id: Client identifier
+            
+        Returns:
+            UniversalClient instance or None if not found
+        """
+        return self.clients.get(client_id)
+    
+    async def remove_client(self, client_id: str) -> bool:
+        """
+        Remove a client instance.
+        
+        Args:
+            client_id: Client identifier
+            
+        Returns:
+            True if client was removed, False otherwise
+        """
+        if client_id in self.clients:
+            client = self.clients[client_id]
+            await client.disconnect()
+            del self.clients[client_id]
+            self.logger.info(f"Client {client_id} removed")
+            return True
+        return False
+    
+    async def test_client_connection(self, client_id: str) -> bool:
+        """
+        Test connection for a specific client.
+        
+        Args:
+            client_id: Client identifier
+            
+        Returns:
+            True if connection is successful, False otherwise
+        """
+        client = await self.get_client(client_id)
+        if not client:
+            self.logger.error(f"Client {client_id} not found")
+            return False
+        
+        try:
+            return await client.test_connection()
+        except Exception as e:
+            self.logger.error(f"Connection test failed for client {client_id}: {e}")
+            return False
+    
+    async def register_proxy(self, client_id: str, proxy_config: Dict[str, Any]) -> Dict[str, Any]:
+        """
+        Register with proxy server using a specific client.
+        
+        Args:
+            client_id: Client identifier
+            proxy_config: Proxy registration configuration
+            
+        Returns:
+            Registration result
+        """
+        client = await self.get_client(client_id)
+        if not client:
+            return {"error": f"Client {client_id} not found"}
+        
+        try:
+            result = await client.register_proxy(proxy_config)
+            self.logger.info(f"Proxy registration completed for client {client_id}")
+            return result
+        except Exception as e:
+            self.logger.error(f"Proxy registration failed for client {client_id}: {e}")
+            return {"error": str(e)}
+    
+    async def execute_command(self, client_id: str, command: str, params: Dict[str, Any] = None) -> Dict[str, Any]:
+        """
+        Execute a command using a specific client.
+        
+        Args:
+            client_id: Client identifier
+            command: Command name
+            params: Command parameters
+            
+        Returns:
+            Command result
+        """
+        client = await self.get_client(client_id)
+        if not client:
+            return {"error": f"Client {client_id} not found"}
+        
+        try:
+            result = await client.execute_command(command, params or {})
+            self.logger.info(f"Command {command} executed for client {client_id}")
+            return result
+        except Exception as e:
+            self.logger.error(f"Command execution failed for client {client_id}: {e}")
+            return {"error": str(e)}
+    
+    async def get_client_status(self, client_id: str) -> Dict[str, Any]:
+        """
+        Get status information for a specific client.
+        
+        Args:
+            client_id: Client identifier
+            
+        Returns:
+            Client status information
+        """
+        client = await self.get_client(client_id)
+        if not client:
+            return {"error": f"Client {client_id} not found"}
+        
+        try:
+            # Test connection
+            connection_ok = await client.test_connection()
+            
+            # Test security features
+            security_features = await client.test_security_features()
+            
+            status = {
+                "client_id": client_id,
+                "base_url": client.base_url,
+                "auth_method": client.auth_method,
+                "connection_ok": connection_ok,
+                "security_features": security_features,
+                "session_active": client.session is not None
+            }
+            
+            return status
+        except Exception as e:
+            self.logger.error(f"Failed to get status for client {client_id}: {e}")
+            return {"error": str(e)}
+    
+    async def list_clients(self) -> List[str]:
+        """
+        Get list of all client identifiers.
+        
+        Returns:
+            List of client identifiers
+        """
+        return list(self.clients.keys())
+    
+    async def cleanup(self):
+        """Clean up all client connections."""
+        for client_id in list(self.clients.keys()):
+            await self.remove_client(client_id)
+        self.logger.info("All client connections cleaned up")
+    
+    async def __aenter__(self):
+        """Async context manager entry."""
+        return self
+    
+    async def __aexit__(self, exc_type, exc_val, exc_tb):
+        """Async context manager exit."""
+        await self.cleanup()
+
+
+def create_client_manager(config: Dict[str, Any]) -> ClientManager:
+    """
+    Create a ClientManager instance.
+    
+    Args:
+        config: Client manager configuration
+        
+    Returns:
+        ClientManager instance
+    """
+    return ClientManager(config)
+
+
+# Example usage and testing functions
+async def test_client_manager():
+    """Test client manager functionality."""
+    # Example configuration
+    config = {
+        "max_connections": 5,
+        "connection_timeout": 30,
+        "retry_attempts": 3,
+        "retry_delay": 1
+    }
+    
+    async with ClientManager(config) as manager:
+        # Create a client
+        client_id = "test_client"
+        config_file = "configs/http_simple.json"
+        
+        try:
+            client = await manager.create_client(client_id, config_file)
+            print(f"✅ Client {client_id} created successfully")
+            
+            # Test connection
+            connection_ok = await manager.test_client_connection(client_id)
+            print(f"✅ Connection test: {connection_ok}")
+            
+            # Get status
+            status = await manager.get_client_status(client_id)
+            print(f"✅ Client status: {json.dumps(status, indent=2)}")
+            
+            # Execute command
+            result = await manager.execute_command(client_id, "help")
+            print(f"✅ Command result: {json.dumps(result, indent=2)}")
+            
+        except Exception as e:
+            print(f"❌ Test failed: {e}")
+
+
+if __name__ == "__main__":
+    asyncio.run(test_client_manager())

mcp_proxy_adapter/core/client_security.py

@@ -0,0 +1,384 @@
+"""
+Client Security Module
+
+This module provides client-side security integration for MCP Proxy Adapter,
+using mcp_security_framework utilities for secure connections to servers.
+
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+"""
+
+import logging
+import ssl
+from typing import Dict, Any, Optional, List, Tuple
+from pathlib import Path
+
+# Import framework utilities
+try:
+    from mcp_security_framework.utils.crypto_utils import (
+        generate_api_key, create_jwt_token, verify_jwt_token
+    )
+    from mcp_security_framework.utils.cert_utils import (
+        parse_certificate, extract_roles_from_certificate,
+        validate_certificate_chain, validate_certificate_format
+    )
+    from mcp_security_framework.core.ssl_manager import SSLManager
+    from mcp_security_framework.schemas.config import SSLConfig, AuthConfig
+    from mcp_security_framework.schemas.models import AuthResult, ValidationResult
+    SECURITY_FRAMEWORK_AVAILABLE = True
+except ImportError:
+    SECURITY_FRAMEWORK_AVAILABLE = False
+    SSLManager = None
+    SSLConfig = None
+    AuthConfig = None
+    AuthResult = None
+    ValidationResult = None
+
+from mcp_proxy_adapter.core.logging import logger
+
+
+class ClientSecurityManager:
+    """
+    Client-side security manager for MCP Proxy Adapter.
+    
+    Provides secure client connections using mcp_security_framework utilities.
+    Handles authentication, certificate management, and SSL/TLS for client connections.
+    """
+    
+    def __init__(self, config: Dict[str, Any]):
+        """
+        Initialize client security manager.
+        
+        Args:
+            config: Security configuration
+        """
+        if not SECURITY_FRAMEWORK_AVAILABLE:
+            raise ImportError("mcp_security_framework is not available")
+        
+        self.config = config
+        self.security_config = config.get("security", {})
+        
+        # Initialize SSL manager if needed
+        self.ssl_manager = None
+        if self.security_config.get("ssl", {}).get("enabled", False):
+            ssl_config = self._create_ssl_config()
+            self.ssl_manager = SSLManager(ssl_config)
+        
+        logger.info("Client security manager initialized")
+    
+    def _create_ssl_config(self) -> SSLConfig:
+        """Create SSL configuration for client connections."""
+        ssl_section = self.security_config.get("ssl", {})
+        
+        return SSLConfig(
+            enabled=ssl_section.get("enabled", False),
+            cert_file=ssl_section.get("client_cert_file"),
+            key_file=ssl_section.get("client_key_file"),
+            ca_cert_file=ssl_section.get("ca_cert_file"),
+            verify_mode=ssl_section.get("verify_mode", "CERT_REQUIRED"),
+            min_tls_version=ssl_section.get("min_tls_version", "TLSv1.2"),
+            check_hostname=ssl_section.get("check_hostname", True),
+            check_expiry=ssl_section.get("check_expiry", True)
+        )
+    
+    def create_client_ssl_context(self, server_hostname: Optional[str] = None) -> Optional[ssl.SSLContext]:
+        """
+        Create SSL context for client connections.
+        
+        Args:
+            server_hostname: Server hostname for SNI
+            
+        Returns:
+            SSL context or None if SSL not enabled
+        """
+        if not self.ssl_manager:
+            return None
+        
+        try:
+            # Create client SSL context
+            context = self.ssl_manager.create_client_context()
+            
+            if server_hostname:
+                # Set server hostname for SNI
+                context.check_hostname = True
+                context.verify_mode = ssl.CERT_REQUIRED
+            
+            logger.info(f"Client SSL context created for {server_hostname or 'unknown server'}")
+            return context
+            
+        except Exception as e:
+            logger.error(f"Failed to create client SSL context: {e}")
+            return None
+    
+    def generate_client_api_key(self, user_id: str, prefix: str = "mcp_proxy") -> str:
+        """
+        Generate API key for client authentication.
+        
+        Args:
+            user_id: User identifier
+            prefix: Key prefix
+            
+        Returns:
+            Generated API key
+        """
+        try:
+            api_key = generate_api_key(prefix=prefix)
+            logger.info(f"Generated API key for user: {user_id}")
+            return api_key
+        except Exception as e:
+            logger.error(f"Failed to generate API key: {e}")
+            raise
+    
+    def create_client_jwt_token(self, user_id: str, roles: List[str], 
+                               secret: str, algorithm: str = "HS256",
+                               expiry_hours: int = 24) -> str:
+        """
+        Create JWT token for client authentication.
+        
+        Args:
+            user_id: User identifier
+            roles: User roles
+            secret: JWT secret
+            algorithm: JWT algorithm
+            expiry_hours: Token expiry in hours
+            
+        Returns:
+            JWT token
+        """
+        try:
+            payload = {
+                "user_id": user_id,
+                "roles": roles,
+                "type": "client_proxy"
+            }
+            
+            token = create_jwt_token(
+                payload=payload,
+                secret=secret,
+                algorithm=algorithm,
+                expiry_hours=expiry_hours
+            )
+            
+            logger.info(f"Created JWT token for user: {user_id}")
+            return token
+            
+        except Exception as e:
+            logger.error(f"Failed to create JWT token: {e}")
+            raise
+    
+    def validate_server_certificate(self, cert_path: str, ca_cert_path: Optional[str] = None) -> bool:
+        """
+        Validate server certificate before connection.
+        
+        Args:
+            cert_path: Path to server certificate
+            ca_cert_path: Path to CA certificate
+            
+        Returns:
+            True if certificate is valid
+        """
+        try:
+            # Validate certificate format
+            if not validate_certificate_format(cert_path):
+                logger.error(f"Invalid certificate format: {cert_path}")
+                return False
+            
+            # Validate certificate chain if CA provided
+            if ca_cert_path:
+                if not validate_certificate_chain(cert_path, ca_cert_path):
+                    logger.error(f"Invalid certificate chain: {cert_path}")
+                    return False
+            
+            # Parse certificate and check basic properties
+            cert_info = parse_certificate(cert_path)
+            if not cert_info:
+                logger.error(f"Failed to parse certificate: {cert_path}")
+                return False
+            
+            logger.info(f"Server certificate validated: {cert_path}")
+            return True
+            
+        except Exception as e:
+            logger.error(f"Failed to validate server certificate: {e}")
+            return False
+    
+    def extract_server_roles(self, cert_path: str) -> List[str]:
+        """
+        Extract roles from server certificate.
+        
+        Args:
+            cert_path: Path to server certificate
+            
+        Returns:
+            List of roles extracted from certificate
+        """
+        try:
+            roles = extract_roles_from_certificate(cert_path)
+            logger.info(f"Extracted roles from server certificate: {roles}")
+            return roles
+        except Exception as e:
+            logger.error(f"Failed to extract roles from certificate: {e}")
+            return []
+    
+    def get_client_auth_headers(self, auth_method: str = "api_key", **kwargs) -> Dict[str, str]:
+        """
+        Get authentication headers for client requests.
+        
+        Args:
+            auth_method: Authentication method (api_key, jwt, certificate)
+            **kwargs: Additional parameters
+            
+        Returns:
+            Dictionary of authentication headers
+        """
+        headers = {}
+        
+        try:
+            if auth_method == "api_key":
+                api_key = kwargs.get("api_key")
+                if api_key:
+                    headers["X-API-Key"] = api_key
+                    headers["Authorization"] = f"Bearer {api_key}"
+            
+            elif auth_method == "jwt":
+                token = kwargs.get("token")
+                if token:
+                    headers["Authorization"] = f"Bearer {token}"
+            
+            elif auth_method == "certificate":
+                # Certificate authentication is handled at SSL level
+                headers["X-Auth-Method"] = "certificate"
+            
+            # Add common proxy headers
+            headers["X-Proxy-Type"] = "mcp_proxy_adapter"
+            headers["X-Client-Type"] = "proxy_client"
+            
+            logger.debug(f"Created auth headers for method: {auth_method}")
+            return headers
+            
+        except Exception as e:
+            logger.error(f"Failed to create auth headers: {e}")
+            return {}
+    
+    def prepare_client_connection(self, server_config: Dict[str, Any]) -> Tuple[Optional[ssl.SSLContext], Dict[str, str]]:
+        """
+        Prepare secure client connection to server.
+        
+        Args:
+            server_config: Server connection configuration
+            
+        Returns:
+            Tuple of (SSL context, auth headers)
+        """
+        ssl_context = None
+        auth_headers = {}
+        
+        try:
+            # Create SSL context if needed
+            if server_config.get("ssl", False):
+                server_hostname = server_config.get("hostname")
+                ssl_context = self.create_client_ssl_context(server_hostname)
+            
+            # Create authentication headers
+            auth_method = server_config.get("auth_method", "api_key")
+            auth_headers = self.get_client_auth_headers(
+                auth_method=auth_method,
+                api_key=server_config.get("api_key"),
+                token=server_config.get("token")
+            )
+            
+            logger.info(f"Prepared client connection for {server_config.get('hostname', 'unknown')}")
+            return ssl_context, auth_headers
+            
+        except Exception as e:
+            logger.error(f"Failed to prepare client connection: {e}")
+            return None, {}
+    
+    def validate_server_response(self, response_headers: Dict[str, str]) -> bool:
+        """
+        Validate server response for security compliance.
+        
+        Args:
+            response_headers: Server response headers
+            
+        Returns:
+            True if response is valid
+        """
+        try:
+            # Check for required security headers
+            required_headers = ["Content-Type"]
+            for header in required_headers:
+                if header not in response_headers:
+                    logger.warning(f"Missing required header: {header}")
+            
+            # Check for security headers
+            security_headers = ["X-Frame-Options", "X-Content-Type-Options"]
+            for header in security_headers:
+                if header in response_headers:
+                    logger.debug(f"Found security header: {header}")
+            
+            # Validate content type
+            content_type = response_headers.get("Content-Type", "")
+            if "application/json" not in content_type:
+                logger.warning(f"Unexpected content type: {content_type}")
+            
+            return True
+            
+        except Exception as e:
+            logger.error(f"Failed to validate server response: {e}")
+            return False
+    
+    def get_client_certificate_info(self) -> Optional[Dict[str, Any]]:
+        """
+        Get information about client certificate.
+        
+        Returns:
+            Certificate information or None
+        """
+        try:
+            ssl_config = self.security_config.get("ssl", {})
+            cert_path = ssl_config.get("client_cert_file")
+            
+            if not cert_path or not Path(cert_path).exists():
+                return None
+            
+            cert_info = parse_certificate(cert_path)
+            if cert_info:
+                roles = extract_roles_from_certificate(cert_path)
+                cert_info["roles"] = roles
+                return cert_info
+            
+            return None
+            
+        except Exception as e:
+            logger.error(f"Failed to get client certificate info: {e}")
+            return None
+    
+    def is_ssl_enabled(self) -> bool:
+        """Check if SSL is enabled for client connections."""
+        return self.security_config.get("ssl", {}).get("enabled", False)
+    
+    def get_supported_auth_methods(self) -> List[str]:
+        """Get list of supported authentication methods."""
+        return ["api_key", "jwt", "certificate"]
+
+
+# Factory function for easy integration
+def create_client_security_manager(config: Dict[str, Any]) -> Optional[ClientSecurityManager]:
+    """
+    Create client security manager instance.
+    
+    Args:
+        config: Configuration dictionary
+        
+    Returns:
+        ClientSecurityManager instance or None if framework not available
+    """
+    try:
+        return ClientSecurityManager(config)
+    except ImportError:
+        logger.warning("mcp_security_framework not available, client security disabled")
+        return None
+    except Exception as e:
+        logger.error(f"Failed to create client security manager: {e}")
+        return None