mcp-proxy-adapter 6.0.0__py3-none-any.whl → 6.0.1__py3-none-any.whl

mcp_proxy_adapter/examples/generate_all_certificates.py

@@ -0,0 +1,362 @@
+#!/usr/bin/env python3
+"""
+Generate All Certificates for Security Testing
+This script generates all necessary certificates for comprehensive security testing:
+- Root CA certificate and key
+- Server certificates for HTTPS and mTLS
+- Client certificates for different roles (admin, user, readonly, etc.)
+- Test certificates for negative scenarios
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+"""
+import json
+import os
+import subprocess
+import sys
+from pathlib import Path
+from typing import Dict, List, Optional
+class CertificateGenerator:
+    """Generate all certificates for security testing."""
+    def __init__(self):
+        self.project_root = Path(__file__).parent.parent.parent
+        self.certs_dir = self.project_root / "mcp_proxy_adapter" / "examples" / "certs"
+        self.keys_dir = self.project_root / "mcp_proxy_adapter" / "examples" / "keys"
+        # Create directories if they don't exist
+        self.certs_dir.mkdir(parents=True, exist_ok=True)
+        self.keys_dir.mkdir(parents=True, exist_ok=True)
+        # Certificate configuration
+        self.ca_config = {
+            "common_name": "MCP Proxy Adapter Test CA",
+            "organization": "Test Organization",
+            "country": "US",
+            "state": "Test State",
+            "city": "Test City",
+            "validity_years": 10
+        }
+        self.server_config = {
+            "common_name": "mcp-proxy-adapter-test.local",
+            "organization": "Test Organization",
+            "country": "US",
+            "state": "Test State",
+            "city": "Test City",
+            "validity_years": 2,
+            "san": ["localhost", "127.0.0.1", "mcp-proxy-adapter-test.local"]
+        }
+        # Client certificates configuration
+        self.client_certs = {
+            "admin": {
+                "common_name": "admin-client",
+                "organization": "Test Organization",
+                "roles": ["admin"],
+                "permissions": ["*"]
+            },
+            "user": {
+                "common_name": "user-client",
+                "organization": "Test Organization",
+                "roles": ["user"],
+                "permissions": ["read", "write"]
+            },
+            "readonly": {
+                "common_name": "readonly-client",
+                "organization": "Test Organization",
+                "roles": ["readonly"],
+                "permissions": ["read"]
+            },
+            "guest": {
+                "common_name": "guest-client",
+                "organization": "Test Organization",
+                "roles": ["guest"],
+                "permissions": ["read"]
+            },
+            "proxy": {
+                "common_name": "proxy-client",
+                "organization": "Test Organization",
+                "roles": ["proxy"],
+                "permissions": ["register", "discover"]
+            }
+        }
+        # Negative test certificates
+        self.negative_certs = {
+            "expired": {
+                "common_name": "expired-client",
+                "organization": "Test Organization",
+                "validity_days": 1  # Will expire quickly
+            },
+            "wrong_org": {
+                "common_name": "wrong-org-client",
+                "organization": "Wrong Organization",
+                "roles": ["user"]
+            },
+            "no_roles": {
+                "common_name": "no-roles-client",
+                "organization": "Test Organization",
+                "roles": []
+            },
+            "invalid_roles": {
+                "common_name": "invalid-roles-client",
+                "organization": "Test Organization",
+                "roles": ["invalid_role"]
+            }
+        }
+    def run_command(self, cmd: List[str], description: str) -> bool:
+        """Run a command and handle errors."""
+        try:
+            print(f"🔧 {description}...")
+            result = subprocess.run(
+                cmd,
+                cwd=self.project_root,
+                capture_output=True,
+                text=True,
+                check=True
+            )
+            print(f"✅ {description} completed successfully")
+            return True
+        except subprocess.CalledProcessError as e:
+            print(f"❌ {description} failed:")
+            print(f"   Command: {' '.join(cmd)}")
+            print(f"   Error: {e.stderr}")
+            return False
+        except Exception as e:
+            print(f"❌ {description} failed: {e}")
+            return False
+    def create_ca_certificate(self) -> bool:
+        """Create Root CA certificate and key."""
+        ca_cert_path = self.certs_dir / "ca_cert.pem"
+        ca_key_path = self.keys_dir / "ca_key.pem"
+        if ca_cert_path.exists() and ca_key_path.exists():
+            print(f"ℹ️ CA certificate already exists: {ca_cert_path}")
+            return True
+        cmd = [
+            sys.executable, "-m", "mcp_security_framework.cli.cert_cli", "create-ca",
+            "-cn", self.ca_config["common_name"],
+            "-o", self.ca_config["organization"],
+            "-c", self.ca_config["country"],
+            "-s", self.ca_config["state"],
+            "-l", self.ca_config["city"],
+            "-y", str(self.ca_config["validity_years"])
+        ]
+        success = self.run_command(cmd, "Creating Root CA certificate")
+        if success:
+            # Move files to correct locations
+            default_ca_cert = Path("./certs") / f"{self.ca_config['common_name'].lower().replace(' ', '_')}_ca.crt"
+            default_ca_key = Path("./keys") / f"{self.ca_config['common_name'].lower().replace(' ', '_')}_ca.key"
+            if default_ca_cert.exists():
+                self.run_command(["mv", str(default_ca_cert), str(ca_cert_path)], "Moving CA certificate")
+            if default_ca_key.exists():
+                self.run_command(["mv", str(default_ca_key), str(ca_key_path)], "Moving CA key")
+        return success
+    def create_server_certificate(self) -> bool:
+        """Create server certificate for HTTPS and mTLS."""
+        server_cert_path = self.certs_dir / "server_cert.pem"
+        server_key_path = self.certs_dir / "server_key.pem"
+        if server_cert_path.exists() and server_key_path.exists():
+            print(f"ℹ️ Server certificate already exists: {server_cert_path}")
+            return True
+        # Create server certificate
+        cmd = [
+            sys.executable, "-m", "mcp_security_framework.cli.cert_cli", "create-server",
+            "-cn", self.server_config["common_name"],
+            "-o", self.server_config["organization"],
+            "-c", self.server_config["country"],
+            "-s", self.server_config["state"],
+            "-l", self.server_config["city"],
+            "-d", str(self.server_config["validity_years"] * 365)  # Convert years to days
+        ]
+        # Add SAN if supported
+        if self.server_config["san"]:
+            for san in self.server_config["san"]:
+                cmd.extend(["--san", san])
+        success = self.run_command(cmd, "Creating server certificate")
+        if success:
+            # Move files to correct locations
+            default_server_cert = Path("./certs") / f"{self.server_config['common_name'].lower().replace('.', '_')}_server.crt"
+            default_server_key = Path("./keys") / f"{self.server_config['common_name'].lower().replace('.', '_')}_server.key"
+            if default_server_cert.exists():
+                self.run_command(["mv", str(default_server_cert), str(server_cert_path)], "Moving server certificate")
+            if default_server_key.exists():
+                self.run_command(["mv", str(default_server_key), str(server_key_path)], "Moving server key")
+        return success
+    def create_client_certificate(self, name: str, config: Dict) -> bool:
+        """Create client certificate with specific configuration."""
+        cert_path = self.certs_dir / f"{name}_cert.pem"
+        key_path = self.certs_dir / f"{name}_key.pem"
+        if cert_path.exists() and key_path.exists():
+            print(f"ℹ️ Client certificate {name} already exists: {cert_path}")
+            return True
+        cmd = [
+            sys.executable, "-m", "mcp_security_framework.cli.cert_cli", "create-client",
+            "-cn", config["common_name"],
+            "-o", config["organization"],
+            "-c", self.ca_config["country"],
+            "-s", self.ca_config["state"],
+            "-l", self.ca_config["city"],
+            "-d", "730"  # 2 years in days
+        ]
+        # Add roles if specified
+        if "roles" in config and config["roles"]:
+            for role in config["roles"]:
+                cmd.extend(["--roles", role])
+        # Add permissions if specified
+        if "permissions" in config and config["permissions"]:
+            for permission in config["permissions"]:
+                cmd.extend(["--permissions", permission])
+        # Add custom validity for negative tests
+        if "validity_days" in config:
+            cmd[cmd.index("-d") + 1] = str(config["validity_days"])
+        success = self.run_command(cmd, f"Creating client certificate: {name}")
+        if success:
+            # Move files to correct locations
+            default_client_cert = Path("./certs") / f"{config['common_name'].lower().replace('-', '_')}_client.crt"
+            default_client_key = Path("./keys") / f"{config['common_name'].lower().replace('-', '_')}_client.key"
+            if default_client_cert.exists():
+                self.run_command(["mv", str(default_client_cert), str(cert_path)], f"Moving {name} certificate")
+            if default_client_key.exists():
+                self.run_command(["mv", str(default_client_key), str(key_path)], f"Moving {name} key")
+        return success
+    def create_legacy_certificates(self) -> bool:
+        """Create legacy certificate files for compatibility."""
+        legacy_files = [
+            ("client.crt", "client.key"),
+            ("client_admin.crt", "client_admin.key"),
+            ("admin.crt", "admin.key"),
+            ("user.crt", "user.key"),
+            ("readonly.crt", "readonly.key")
+        ]
+        success = True
+        for cert_file, key_file in legacy_files:
+            cert_path = self.certs_dir / cert_file
+            key_path = self.certs_dir / key_file
+            if not cert_path.exists() or not key_path.exists():
+                # Copy from existing certificates
+                if cert_file == "client.crt" and (self.certs_dir / "user_cert.pem").exists():
+                    self.run_command(["cp", str(self.certs_dir / "user_cert.pem"), str(cert_path)], f"Creating {cert_file}")
+                    self.run_command(["cp", str(self.certs_dir / "user_key.pem"), str(key_path)], f"Creating {key_file}")
+                elif cert_file == "client_admin.crt" and (self.certs_dir / "admin_cert.pem").exists():
+                    self.run_command(["cp", str(self.certs_dir / "admin_cert.pem"), str(cert_path)], f"Creating {cert_file}")
+                    self.run_command(["cp", str(self.certs_dir / "admin_key.pem"), str(key_path)], f"Creating {key_file}")
+                elif cert_file == "admin.crt" and (self.certs_dir / "admin_cert.pem").exists():
+                    self.run_command(["cp", str(self.certs_dir / "admin_cert.pem"), str(cert_path)], f"Creating {cert_file}")
+                    self.run_command(["cp", str(self.certs_dir / "admin_key.pem"), str(key_path)], f"Creating {key_file}")
+                elif cert_file == "user.crt" and (self.certs_dir / "user_cert.pem").exists():
+                    self.run_command(["cp", str(self.certs_dir / "user_cert.pem"), str(cert_path)], f"Creating {cert_file}")
+                    self.run_command(["cp", str(self.certs_dir / "user_key.pem"), str(key_path)], f"Creating {key_file}")
+                elif cert_file == "readonly.crt" and (self.certs_dir / "readonly_cert.pem").exists():
+                    self.run_command(["cp", str(self.certs_dir / "readonly_cert.pem"), str(cert_path)], f"Creating {cert_file}")
+                    self.run_command(["cp", str(self.certs_dir / "readonly_key.pem"), str(key_path)], f"Creating {key_file}")
+        return success
+    def create_certificate_config(self) -> bool:
+        """Create certificate configuration file."""
+        config_path = self.certs_dir / "cert_config.json"
+        config = {
+            "ca_cert_path": str(self.certs_dir / "ca_cert.pem"),
+            "ca_key_path": str(self.keys_dir / "ca_key.pem"),
+            "cert_storage_path": str(self.certs_dir),
+            "key_storage_path": str(self.keys_dir),
+            "default_validity_days": 365,
+            "key_size": 2048,
+            "hash_algorithm": "sha256"
+        }
+        try:
+            with open(config_path, 'w') as f:
+                json.dump(config, f, indent=2)
+            print(f"✅ Created certificate config: {config_path}")
+            return True
+        except Exception as e:
+            print(f"❌ Failed to create certificate config: {e}")
+            return False
+    def validate_certificates(self) -> bool:
+        """Validate all created certificates."""
+        print("\n🔍 Validating certificates...")
+        cert_files = [
+            "ca_cert.pem",
+            "server_cert.pem",
+            "admin_cert.pem",
+            "user_cert.pem",
+            "readonly_cert.pem",
+            "guest_cert.pem",
+            "proxy_cert.pem"
+        ]
+        success = True
+        for cert_file in cert_files:
+            cert_path = self.certs_dir / cert_file
+            if cert_path.exists():
+                try:
+                    result = subprocess.run(
+                        ["openssl", "x509", "-in", str(cert_path), "-text", "-noout"],
+                        capture_output=True,
+                        text=True,
+                        check=True
+                    )
+                    print(f"✅ {cert_file}: Valid")
+                except subprocess.CalledProcessError:
+                    print(f"❌ {cert_file}: Invalid")
+                    success = False
+            else:
+                print(f"⚠️ {cert_file}: Not found")
+        return success
+    def generate_all(self) -> bool:
+        """Generate all certificates."""
+        print("🔐 Generating All Certificates for Security Testing")
+        print("=" * 60)
+        success = True
+        # 1. Create CA certificate
+        if not self.create_ca_certificate():
+            success = False
+            print("❌ Cannot continue without CA certificate")
+            return False
+        # 2. Create server certificate
+        if not self.create_server_certificate():
+            success = False
+        # 3. Create client certificates for different roles
+        print("\n👥 Creating client certificates...")
+        for name, config in self.client_certs.items():
+            if not self.create_client_certificate(name, config):
+                success = False
+        # 4. Create negative test certificates
+        print("\n🚫 Creating negative test certificates...")
+        for name, config in self.negative_certs.items():
+            if not self.create_client_certificate(name, config):
+                success = False
+        # 5. Create legacy certificates for compatibility
+        print("\n🔄 Creating legacy certificates...")
+        if not self.create_legacy_certificates():
+            success = False
+        # 6. Create certificate configuration
+        if not self.create_certificate_config():
+            success = False
+        # 7. Validate certificates
+        if not self.validate_certificates():
+            success = False
+        # Print summary
+        print("\n" + "=" * 60)
+        print("📊 CERTIFICATE GENERATION SUMMARY")
+        print("=" * 60)
+        if success:
+            print("✅ All certificates generated successfully!")
+            print(f"📁 Certificates directory: {self.certs_dir}")
+            print(f"🔑 Keys directory: {self.keys_dir}")
+            print("\n📋 Generated certificates:")
+            cert_files = list(self.certs_dir.glob("*.pem")) + list(self.certs_dir.glob("*.crt"))
+            for cert_file in sorted(cert_files):
+                print(f"   - {cert_file.name}")
+            key_files = list(self.keys_dir.glob("*.pem")) + list(self.keys_dir.glob("*.key"))
+            for key_file in sorted(key_files):
+                print(f"   - {key_file.name}")
+        else:
+            print("❌ Some certificates failed to generate")
+            print("Check the error messages above")
+        return success
+def main():
+    """Main function."""
+    generator = CertificateGenerator()
+    try:
+        success = generator.generate_all()
+        sys.exit(0 if success else 1)
+    except KeyboardInterrupt:
+        print("\n⚠️ Certificate generation interrupted by user")
+        sys.exit(1)
+    except Exception as e:
+        print(f"\n❌ Certificate generation failed: {e}")
+        sys.exit(1)
+if __name__ == "__main__":
+    main()

mcp_proxy_adapter/examples/generate_certificates.py

@@ -0,0 +1,177 @@
+#!/usr/bin/env python3
+"""
+Certificate Generation Script
+This script generates all necessary certificates for the examples using
+mcp_security_framework API directly.
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+"""
+import os
+import sys
+from pathlib import Path
+from datetime import datetime, timedelta, timezone
+
+def main():
+    """Generate all certificates for examples."""
+    print("🔐 Certificate Generation Script")
+    print("=" * 50)
+
+    # Create directories
+    cert_dir = Path("certs")
+    key_dir = Path("keys")
+    cert_dir.mkdir(exist_ok=True)
+    key_dir.mkdir(exist_ok=True)
+
+    # Check if mcp_security_framework is available
+    try:
+        from mcp_security_framework.core.cert_manager import CertificateManager
+        from mcp_security_framework.schemas import (
+            CAConfig, ServerCertConfig, ClientCertConfig, CertificateConfig
+        )
+        print("✅ mcp_security_framework API available")
+    except ImportError as e:
+        print(f"❌ mcp_security_framework not found: {e}")
+        return False
+
+    try:
+        print("🔧 Creating root CA certificate...")
+        
+        # Initialize certificate manager first
+        cert_config = CertificateConfig(
+            cert_storage_path=str(cert_dir),
+            key_storage_path=str(key_dir),
+            default_validity_days=365,
+            key_size=2048,
+            hash_algorithm="sha256"
+        )
+        cert_manager = CertificateManager(cert_config)
+        
+        # Create CA certificate using API
+        ca_config = CAConfig(
+            common_name="MCP Proxy Adapter CA",
+            organization="MCP Proxy Adapter",
+            organizational_unit="Development",
+            country="US",
+            state="State",
+            locality="City",
+            validity_years=10,
+            key_size=2048,
+            hash_algorithm="sha256"
+        )
+        
+        ca_cert_pair = cert_manager.create_root_ca(ca_config)
+        if not ca_cert_pair or not ca_cert_pair.certificate_path:
+            print("❌ Failed to create CA certificate")
+            return False
+            
+        ca_cert_path = ca_cert_pair.certificate_path
+        ca_key_path = ca_cert_pair.private_key_path
+        print(f"✅ Root CA certificate created: {ca_cert_path}")
+
+        print("🔧 Creating server certificate...")
+        # Create server certificate
+        server_config = ServerCertConfig(
+            common_name="localhost",
+            organization="MCP Proxy Adapter",
+            country="US",
+            validity_days=365,
+            key_size=2048,
+            subject_alt_names=["localhost", "127.0.0.1"],
+            ca_cert_path=str(ca_cert_path),
+            ca_key_path=str(ca_key_path)
+        )
+
+        server_cert_pair = cert_manager.create_server_certificate(server_config)
+        print(f"✅ Server certificate created: {server_cert_pair.certificate_path}")
+
+        print("🔧 Creating admin client certificate...")
+        # Create admin client certificate
+        admin_config = ClientCertConfig(
+            common_name="admin",
+            organization="MCP Proxy Adapter",
+            country="US",
+            validity_days=365,
+            key_size=2048,
+            roles=["admin"],
+            permissions=["read", "write", "delete"],
+            ca_cert_path=str(ca_cert_path),
+            ca_key_path=str(ca_key_path)
+        )
+
+        admin_cert_pair = cert_manager.create_client_certificate(admin_config)
+        print(f"✅ Admin client certificate created: {admin_cert_pair.certificate_path}")
+
+        print("🔧 Creating user client certificate...")
+        # Create user client certificate
+        user_config = ClientCertConfig(
+            common_name="user",
+            organization="MCP Proxy Adapter",
+            country="US",
+            validity_days=365,
+            key_size=2048,
+            roles=["user"],
+            permissions=["read", "write"],
+            ca_cert_path=str(ca_cert_path),
+            ca_key_path=str(ca_key_path)
+        )
+
+        user_cert_pair = cert_manager.create_client_certificate(user_config)
+        print(f"✅ User client certificate created: {user_cert_pair.certificate_path}")
+
+        print("🔧 Creating readonly client certificate...")
+        # Create readonly client certificate
+        readonly_config = ClientCertConfig(
+            common_name="readonly",
+            organization="MCP Proxy Adapter",
+            country="US",
+            validity_days=365,
+            key_size=2048,
+            roles=["readonly"],
+            permissions=["read"],
+            ca_cert_path=str(ca_cert_path),
+            ca_key_path=str(ca_key_path)
+        )
+
+        readonly_cert_pair = cert_manager.create_client_certificate(readonly_config)
+        print(f"✅ Readonly client certificate created: {readonly_cert_pair.certificate_path}")
+
+        print("\n🎉 All certificates generated successfully!")
+        print(f"📁 Certificates are stored in the '{cert_dir}' directory")
+        print(f"🔑 Private keys are stored in the '{key_dir}' directory")
+        print(f"🔐 CA certificate: {ca_cert_path}")
+        print(f"🔐 Server certificate: {server_cert_pair.certificate_path}")
+        
+        print("\n" + "=" * 60)
+        print("✅ CERTIFICATE GENERATION COMPLETED SUCCESSFULLY")
+        print("=" * 60)
+        print("\n📋 NEXT STEPS:")
+        print("1. Generate test configurations:")
+        print("   python -m mcp_proxy_adapter.examples.generate_test_configs --output-dir configs")
+        print("\n2. Run security tests:")
+        print("   python -m mcp_proxy_adapter.examples.run_security_tests")
+        print("\n3. Start basic framework example:")
+        print("   python -m mcp_proxy_adapter.examples.basic_framework.main --config configs/https_simple.json")
+        print("=" * 60)
+        return True
+
+    except Exception as e:
+        print(f"\n❌ CERTIFICATE GENERATION FAILED: {e}")
+        print("=" * 60)
+        import traceback
+        traceback.print_exc()
+        print("\n🔧 TROUBLESHOOTING:")
+        print("1. Check if mcp_security_framework is installed:")
+        print("   pip install mcp_security_framework")
+        print("\n2. Verify write permissions in current directory")
+        print("\n3. Check if certs/ and keys/ directories exist")
+        print("=" * 60)
+        return False
+
+if __name__ == "__main__":
+    print("🔐 Starting certificate generation...")
+    success = main()
+    if success:
+        print("\n✅ Script completed successfully!")
+    else:
+        print("\n❌ Script failed with errors!")
+    sys.exit(0 if success else 1)