mcp-proxy-adapter 6.2.34__py3-none-any.whl → 6.2.36__py3-none-any.whl

mcp_proxy_adapter/api/middleware/user_info_middleware.py

@@ -57,6 +57,9 @@ class UserInfoMiddleware(BaseHTTPMiddleware):
                 auth_config = security_config.get("auth", {})
                 permissions_config = security_config.get("permissions", {})
 
+                # Check if permissions are enabled
+                permissions_enabled = permissions_config.get("enabled", False)
+                
                 # Create AuthConfig for mcp_security_framework
                 mcp_auth_config = AuthConfig(
                     enabled=True,
@@ -64,27 +67,43 @@ class UserInfoMiddleware(BaseHTTPMiddleware):
                     api_keys=auth_config.get("api_keys", {})
                 )
 
-                # Create PermissionConfig for mcp_security_framework
-                mcp_permission_config = PermissionConfig(
-                    roles_file=permissions_config.get("roles_file"),
-                    default_role=permissions_config.get("default_role", "guest"),
-                    admin_role=permissions_config.get("admin_role", "admin"),
-                    role_hierarchy=permissions_config.get("role_hierarchy", {}),
-                    permission_cache_enabled=permissions_config.get(
-                        "permission_cache_enabled", True
-                    ),
-                    permission_cache_ttl=permissions_config.get(
-                        "permission_cache_ttl", 300
-                    ),
-                    wildcard_permissions=permissions_config.get(
-                        "wildcard_permissions", False
-                    ),
-                    strict_mode=permissions_config.get("strict_mode", True),
-                    roles=permissions_config.get("roles", {})
-                )
-
-                # Initialize PermissionManager first
-                self.permission_manager = PermissionManager(mcp_permission_config)
+                # Initialize PermissionManager only if permissions are enabled
+                if permissions_enabled:
+                    # Create PermissionConfig for mcp_security_framework
+                    mcp_permission_config = PermissionConfig(
+                        roles_file=permissions_config.get("roles_file"),
+                        default_role=permissions_config.get("default_role", "guest"),
+                        admin_role=permissions_config.get("admin_role", "admin"),
+                        role_hierarchy=permissions_config.get("role_hierarchy", {}),
+                        permission_cache_enabled=permissions_config.get(
+                            "permission_cache_enabled", True
+                        ),
+                        permission_cache_ttl=permissions_config.get(
+                            "permission_cache_ttl", 300
+                        ),
+                        wildcard_permissions=permissions_config.get(
+                            "wildcard_permissions", False
+                        ),
+                        strict_mode=permissions_config.get("strict_mode", True),
+                        roles=permissions_config.get("roles", {})
+                    )
+
+                    # Initialize PermissionManager first
+                    self.permission_manager = PermissionManager(mcp_permission_config)
+                else:
+                    # Create a minimal PermissionManager when permissions are disabled
+                    mcp_permission_config = PermissionConfig(
+                        roles_file=None,
+                        default_role="guest",
+                        admin_role="admin",
+                        role_hierarchy={},
+                        permission_cache_enabled=False,
+                        permission_cache_ttl=300,
+                        wildcard_permissions=False,
+                        strict_mode=False,
+                        roles={}
+                    )
+                    self.permission_manager = PermissionManager(mcp_permission_config)
 
                 # Initialize AuthManager with permission_manager
                 self.auth_manager = AuthManager(

mcp_proxy_adapter/config.py

@@ -178,6 +178,7 @@ class Config:
                     "hash_algorithm": "sha256",
                     "crl_enabled": False,
                     "crl_path": None,
+                    "crl_url": None,
                     "crl_validity_days": 30,
                     "auto_renewal": False,
                     "renewal_threshold_days": 30

mcp_proxy_adapter/core/config_validator.py

@@ -108,6 +108,23 @@ class ConfigValidator:
         security_enabled = security_config.get("enabled", True)
         auth_enabled = self.config.get("auth_enabled", False)
         
+        # Validate permissions configuration
+        permissions_config = security_config.get("permissions", {})
+        permissions_enabled = permissions_config.get("enabled", False)
+        
+        if permissions_enabled:
+            # Permissions require authentication to identify users
+            auth_config = security_config.get("auth", {})
+            if not auth_config.get("enabled", False):
+                self.errors.append("Permissions are enabled but authentication is disabled. Permissions require authentication to identify users.")
+                return False
+            
+            # Check if there are any authentication methods available
+            auth_methods = auth_config.get("methods", [])
+            if not auth_methods:
+                self.errors.append("Permissions are enabled but no authentication methods are configured. At least one authentication method is required.")
+                return False
+        
         if security_enabled and auth_enabled:
             # Validate auth configuration
             auth_config = security_config.get("auth", {})

mcp_proxy_adapter/core/crl_utils.py

@@ -0,0 +1,335 @@
+"""
+CRL Utilities Module
+
+This module provides utilities for working with Certificate Revocation Lists (CRL).
+Supports both file-based and URL-based CRL sources.
+
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+Version: 1.0.0
+"""
+
+import logging
+import os
+import tempfile
+from pathlib import Path
+from typing import Optional, Union, Dict, Any
+from urllib.parse import urlparse
+import requests
+from requests.adapters import HTTPAdapter
+from urllib3.util.retry import Retry
+
+# Import mcp_security_framework CRL utilities
+try:
+    from mcp_security_framework.utils.cert_utils import (
+        parse_crl,
+        is_certificate_revoked,
+        validate_certificate_against_crl,
+        is_crl_valid,
+        get_crl_info
+    )
+    SECURITY_FRAMEWORK_AVAILABLE = True
+except ImportError:
+    SECURITY_FRAMEWORK_AVAILABLE = False
+
+logger = logging.getLogger(__name__)
+
+
+class CRLManager:
+    """
+    Manager for Certificate Revocation Lists (CRL).
+    
+    Supports both file-based and URL-based CRL sources.
+    Automatically downloads CRL from URLs and caches them locally.
+    """
+    
+    def __init__(self, config: Dict[str, Any]):
+        """
+        Initialize CRL manager.
+        
+        Args:
+            config: Configuration dictionary containing CRL settings
+        """
+        self.config = config
+        self.crl_enabled = config.get("crl_enabled", False)
+        self.crl_path = config.get("crl_path")
+        self.crl_url = config.get("crl_url")
+        self.crl_validity_days = config.get("crl_validity_days", 30)
+        
+        # Cache for downloaded CRL files
+        self._crl_cache: Dict[str, str] = {}
+        
+        # Setup HTTP session with retry strategy
+        self._setup_http_session()
+        
+        logger.info(f"CRL Manager initialized - enabled: {self.crl_enabled}")
+    
+    def _setup_http_session(self):
+        """Setup HTTP session with retry strategy for CRL downloads."""
+        self.session = requests.Session()
+        
+        # Configure retry strategy
+        retry_strategy = Retry(
+            total=3,
+            backoff_factor=1,
+            status_forcelist=[429, 500, 502, 503, 504],
+        )
+        
+        adapter = HTTPAdapter(max_retries=retry_strategy)
+        self.session.mount("http://", adapter)
+        self.session.mount("https://", adapter)
+        
+        # Set timeout
+        self.session.timeout = 30
+    
+    def get_crl_data(self) -> Optional[Union[str, bytes, Path]]:
+        """
+        Get CRL data from configured source.
+        
+        Returns:
+            CRL data as string, bytes, or Path, or None if not available
+            
+        Raises:
+            ValueError: If CRL is enabled but no source is configured
+            FileNotFoundError: If CRL file is not found
+            requests.RequestException: If CRL download fails
+        """
+        if not self.crl_enabled:
+            logger.debug("CRL is disabled, skipping CRL check")
+            return None
+        
+        # Check if CRL URL is configured
+        if self.crl_url:
+            return self._get_crl_from_url()
+        
+        # Check if CRL file path is configured
+        if self.crl_path:
+            return self._get_crl_from_file()
+        
+        # If CRL is enabled but no source is configured, this is an error
+        if self.crl_enabled:
+            raise ValueError("CRL is enabled but neither crl_path nor crl_url is configured")
+        
+        return None
+    
+    def _get_crl_from_url(self) -> str:
+        """
+        Download CRL from URL.
+        
+        Returns:
+            Path to downloaded CRL file
+            
+        Raises:
+            requests.RequestException: If download fails
+            ValueError: If downloaded data is not valid CRL
+        """
+        try:
+            logger.info(f"Downloading CRL from URL: {self.crl_url}")
+            
+            # Download CRL
+            response = self.session.get(self.crl_url)
+            response.raise_for_status()
+            
+            # Validate content type
+            content_type = response.headers.get('content-type', '').lower()
+            if 'application/pkix-crl' not in content_type and 'application/x-pkcs7-crl' not in content_type:
+                logger.warning(f"Unexpected content type for CRL: {content_type}")
+            
+            # Save to temporary file
+            with tempfile.NamedTemporaryFile(mode='wb', suffix='.crl', delete=False) as temp_file:
+                temp_file.write(response.content)
+                temp_file_path = temp_file.name
+            
+            # Validate CRL format
+            if SECURITY_FRAMEWORK_AVAILABLE:
+                try:
+                    is_crl_valid(temp_file_path)
+                    logger.info(f"CRL downloaded and validated successfully from {self.crl_url}")
+                except Exception as e:
+                    os.unlink(temp_file_path)
+                    raise ValueError(f"Downloaded CRL is not valid: {e}")
+            else:
+                logger.warning("mcp_security_framework not available, skipping CRL validation")
+            
+            # Cache the file path
+            self._crl_cache[self.crl_url] = temp_file_path
+            
+            return temp_file_path
+            
+        except requests.RequestException as e:
+            logger.error(f"Failed to download CRL from {self.crl_url}: {e}")
+            raise
+        except Exception as e:
+            logger.error(f"CRL download failed: {e}")
+            raise
+    
+    def _get_crl_from_file(self) -> str:
+        """
+        Get CRL from file path.
+        
+        Returns:
+            Path to CRL file
+            
+        Raises:
+            FileNotFoundError: If CRL file is not found
+            ValueError: If CRL file is not valid
+        """
+        if not os.path.exists(self.crl_path):
+            raise FileNotFoundError(f"CRL file not found: {self.crl_path}")
+        
+        # Validate CRL format
+        if SECURITY_FRAMEWORK_AVAILABLE:
+            try:
+                is_crl_valid(self.crl_path)
+                logger.info(f"CRL file validated successfully: {self.crl_path}")
+            except Exception as e:
+                raise ValueError(f"CRL file is not valid: {e}")
+        else:
+            logger.warning("mcp_security_framework not available, skipping CRL validation")
+        
+        return self.crl_path
+    
+    def is_certificate_revoked(self, cert_path: str) -> bool:
+        """
+        Check if certificate is revoked according to CRL.
+        
+        Args:
+            cert_path: Path to certificate file
+            
+        Returns:
+            True if certificate is revoked, False otherwise
+            
+        Raises:
+            ValueError: If CRL is enabled but not available
+            FileNotFoundError: If certificate file is not found
+        """
+        if not self.crl_enabled:
+            return False
+        
+        if not SECURITY_FRAMEWORK_AVAILABLE:
+            logger.warning("mcp_security_framework not available, skipping CRL check")
+            return False
+        
+        try:
+            crl_data = self.get_crl_data()
+            if not crl_data:
+                logger.warning("CRL is enabled but no CRL data is available")
+                return False
+            
+            is_revoked = is_certificate_revoked(cert_path, crl_data)
+            
+            if is_revoked:
+                logger.warning(f"Certificate is revoked according to CRL: {cert_path}")
+            else:
+                logger.debug(f"Certificate is not revoked according to CRL: {cert_path}")
+            
+            return is_revoked
+            
+        except Exception as e:
+            logger.error(f"CRL check failed for certificate {cert_path}: {e}")
+            # For security, consider certificate invalid if CRL check fails
+            return True
+    
+    def validate_certificate_against_crl(self, cert_path: str) -> Dict[str, Any]:
+        """
+        Validate certificate against CRL and return detailed status.
+        
+        Args:
+            cert_path: Path to certificate file
+            
+        Returns:
+            Dictionary containing validation results
+            
+        Raises:
+            ValueError: If CRL is enabled but not available
+            FileNotFoundError: If certificate file is not found
+        """
+        if not self.crl_enabled:
+            return {
+                "is_revoked": False,
+                "crl_checked": False,
+                "crl_source": None,
+                "message": "CRL check is disabled"
+            }
+        
+        if not SECURITY_FRAMEWORK_AVAILABLE:
+            logger.warning("mcp_security_framework not available, skipping CRL validation")
+            return {
+                "is_revoked": False,
+                "crl_checked": False,
+                "crl_source": None,
+                "message": "mcp_security_framework not available"
+            }
+        
+        try:
+            crl_data = self.get_crl_data()
+            if not crl_data:
+                logger.warning("CRL is enabled but no CRL data is available")
+                return {
+                    "is_revoked": True,  # For security, consider invalid if CRL unavailable
+                    "crl_checked": False,
+                    "crl_source": None,
+                    "message": "CRL is enabled but not available"
+                }
+            
+            # Get CRL source info
+            crl_source = self.crl_url if self.crl_url else self.crl_path
+            
+            # Validate certificate against CRL
+            result = validate_certificate_against_crl(cert_path, crl_data)
+            
+            result["crl_checked"] = True
+            result["crl_source"] = crl_source
+            
+            return result
+            
+        except Exception as e:
+            logger.error(f"CRL validation failed for certificate {cert_path}: {e}")
+            # For security, consider certificate invalid if CRL validation fails
+            return {
+                "is_revoked": True,
+                "crl_checked": False,
+                "crl_source": self.crl_url if self.crl_url else self.crl_path,
+                "message": f"CRL validation failed: {e}"
+            }
+    
+    def get_crl_info(self) -> Optional[Dict[str, Any]]:
+        """
+        Get information about the configured CRL.
+        
+        Returns:
+            Dictionary containing CRL information, or None if CRL is not available
+        """
+        if not self.crl_enabled:
+            return None
+        
+        if not SECURITY_FRAMEWORK_AVAILABLE:
+            logger.warning("mcp_security_framework not available, cannot get CRL info")
+            return None
+        
+        try:
+            crl_data = self.get_crl_data()
+            if not crl_data:
+                return None
+            
+            return get_crl_info(crl_data)
+            
+        except Exception as e:
+            logger.error(f"Failed to get CRL info: {e}")
+            return None
+    
+    def cleanup_cache(self):
+        """Clean up temporary CRL files."""
+        for url, temp_path in self._crl_cache.items():
+            try:
+                if os.path.exists(temp_path):
+                    os.unlink(temp_path)
+                    logger.debug(f"Cleaned up temporary CRL file: {temp_path}")
+            except Exception as e:
+                logger.warning(f"Failed to cleanup temporary CRL file {temp_path}: {e}")
+        
+        self._crl_cache.clear()
+    
+    def __del__(self):
+        """Cleanup when object is destroyed."""
+        self.cleanup_cache()

mcp_proxy_adapter/core/security_integration.py

@@ -105,25 +105,42 @@ class SecurityIntegration:
         
         # Create permission config - handle null values properly
         permissions_section = security_section.get("permissions", {})
-        roles_file = permissions_section.get("roles_file")
-
-        # If roles_file is None or empty string, don't pass it to avoid framework errors
-        if roles_file is None or roles_file == "":
-            logger.warning("roles_file is None or empty, permissions will use default configuration")
-            roles_file = None
+        permissions_enabled = permissions_section.get("enabled", True)
         
-        permission_config = PermissionConfig(
-            enabled=permissions_section.get("enabled", True),
-            roles_file=roles_file,
-            default_role=permissions_section.get("default_role", "guest"),
-            admin_role=permissions_section.get("admin_role", "admin"),
-            role_hierarchy=permissions_section.get("role_hierarchy", {}),
-            permission_cache_enabled=permissions_section.get("permission_cache_enabled", True),
-            permission_cache_ttl=permissions_section.get("permission_cache_ttl", 300),
-            wildcard_permissions=permissions_section.get("wildcard_permissions", False),
-            strict_mode=permissions_section.get("strict_mode", True),
-            roles=permissions_section.get("roles")
-        )
+        if permissions_enabled:
+            roles_file = permissions_section.get("roles_file")
+
+            # If roles_file is None or empty string, don't pass it to avoid framework errors
+            if roles_file is None or roles_file == "":
+                logger.warning("roles_file is None or empty, permissions will use default configuration")
+                roles_file = None
+            
+            permission_config = PermissionConfig(
+                enabled=True,
+                roles_file=roles_file,
+                default_role=permissions_section.get("default_role", "guest"),
+                admin_role=permissions_section.get("admin_role", "admin"),
+                role_hierarchy=permissions_section.get("role_hierarchy", {}),
+                permission_cache_enabled=permissions_section.get("permission_cache_enabled", True),
+                permission_cache_ttl=permissions_section.get("permission_cache_ttl", 300),
+                wildcard_permissions=permissions_section.get("wildcard_permissions", False),
+                strict_mode=permissions_section.get("strict_mode", True),
+                roles=permissions_section.get("roles")
+            )
+        else:
+            # Create minimal permission config when permissions are disabled
+            permission_config = PermissionConfig(
+                enabled=False,
+                roles_file=None,
+                default_role="guest",
+                admin_role="admin",
+                role_hierarchy={},
+                permission_cache_enabled=False,
+                permission_cache_ttl=300,
+                wildcard_permissions=False,
+                strict_mode=False,
+                roles={}
+            )
         
         # Create rate limit config
         rate_limit_config = RateLimitConfig(
@@ -202,8 +219,39 @@ class SecurityIntegration:
         return await self.certificate_manager.create_server_certificate(common_name, **kwargs)
     
     async def validate_certificate(self, cert_path: str) -> bool:
-        """Validate certificate."""
-        return await self.certificate_manager.validate_certificate(cert_path)
+        """Validate certificate with CRL check if enabled."""
+        try:
+            # Get CRL configuration from security config
+            crl_config = None
+            if hasattr(self.security_config, 'certificates'):
+                cert_config = self.security_config.certificates
+                if hasattr(cert_config, 'crl_enabled') and cert_config.crl_enabled:
+                    crl_config = {
+                        'crl_enabled': cert_config.crl_enabled,
+                        'crl_path': getattr(cert_config, 'crl_path', None),
+                        'crl_url': getattr(cert_config, 'crl_url', None),
+                        'crl_validity_days': getattr(cert_config, 'crl_validity_days', 30)
+                    }
+            
+            # Use mcp_security_framework's validate_certificate_chain with CRL
+            if crl_config and crl_config.get('crl_enabled'):
+                from mcp_security_framework.utils.cert_utils import validate_certificate_chain
+                from .crl_utils import CRLManager
+                
+                # Get CRL data
+                crl_manager = CRLManager(crl_config)
+                crl_data = crl_manager.get_crl_data()
+                
+                # Validate with CRL
+                if crl_data:
+                    return validate_certificate_chain(cert_path, self.security_config.certificates.ca_cert_path, crl_data)
+            
+            # Fallback to standard validation
+            return await self.certificate_manager.validate_certificate(cert_path)
+            
+        except Exception as e:
+            logger.error(f"Certificate validation failed: {e}")
+            return False
     
     async def extract_roles_from_certificate(self, cert_path: str) -> List[str]:
         """Extract roles from certificate."""

mcp_proxy_adapter/core/ssl_utils.py

@@ -3,8 +3,10 @@ SSL Utilities Module
 
 This module provides utilities for SSL/TLS configuration and certificate validation.
 Integrates with AuthValidator from Phase 0 for certificate validation.
+Supports CRL (Certificate Revocation List) validation.
 
-Author: MCP Proxy Adapter Team
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
 Version: 1.0.0
 """
 
@@ -14,6 +16,7 @@ from typing import List, Optional, Dict, Any
 from pathlib import Path
 
 from .auth_validator import AuthValidator
+from .crl_utils import CRLManager
 
 logger = logging.getLogger(__name__)
 
@@ -47,7 +50,8 @@ class SSLUtils:
                           verify_client: bool = False,
                           cipher_suites: Optional[List[str]] = None,
                           min_tls_version: str = "1.2",
-                          max_tls_version: str = "1.3") -> ssl.SSLContext:
+                          max_tls_version: str = "1.3",
+                          crl_config: Optional[Dict[str, Any]] = None) -> ssl.SSLContext:
         """
         Create SSL context with specified configuration.
         
@@ -59,6 +63,7 @@ class SSLUtils:
             cipher_suites: List of cipher suites to use
             min_tls_version: Minimum TLS version
             max_tls_version: Maximum TLS version
+            crl_config: CRL configuration dictionary (optional)
             
         Returns:
             Configured SSL context
@@ -73,6 +78,17 @@ class SSLUtils:
         if not result.is_valid:
             raise ValueError(f"Invalid certificate: {result.error_message}")
         
+        # Check CRL if configured
+        if crl_config:
+            try:
+                crl_manager = CRLManager(crl_config)
+                if crl_manager.is_certificate_revoked(cert_file):
+                    raise ValueError(f"Certificate is revoked according to CRL: {cert_file}")
+            except Exception as e:
+                logger.error(f"CRL check failed: {e}")
+                # For security, fail if CRL check fails
+                raise ValueError(f"CRL validation failed: {e}")
+        
         # Check if files exist
         if not Path(cert_file).exists():
             raise FileNotFoundError(f"Certificate file not found: {cert_file}")
@@ -111,12 +127,13 @@ class SSLUtils:
         return context
     
     @staticmethod
-    def validate_certificate(cert_file: str) -> bool:
+    def validate_certificate(cert_file: str, crl_config: Optional[Dict[str, Any]] = None) -> bool:
         """
-        Validate certificate using AuthValidator.
+        Validate certificate using AuthValidator and optional CRL check.
         
         Args:
             cert_file: Path to certificate file
+            crl_config: CRL configuration dictionary (optional)
             
         Returns:
             True if certificate is valid, False otherwise
@@ -124,7 +141,22 @@ class SSLUtils:
         try:
             validator = AuthValidator()
             result = validator.validate_certificate(cert_file)
-            return result.is_valid
+            if not result.is_valid:
+                return False
+            
+            # Check CRL if configured
+            if crl_config:
+                try:
+                    crl_manager = CRLManager(crl_config)
+                    if crl_manager.is_certificate_revoked(cert_file):
+                        logger.warning(f"Certificate is revoked according to CRL: {cert_file}")
+                        return False
+                except Exception as e:
+                    logger.error(f"CRL check failed: {e}")
+                    # For security, consider certificate invalid if CRL check fails
+                    return False
+            
+            return True
         except Exception as e:
             logger.error(f"Certificate validation failed: {e}")
             return False

mcp_proxy_adapter/examples/scripts/config_generator.py

@@ -107,6 +107,7 @@ class ConfigGenerator:
                     "hash_algorithm": "sha256",
                     "crl_enabled": False,
                     "crl_path": None,
+                    "crl_url": None,
                     "crl_validity_days": 30,
                     "auto_renewal": False,
                     "renewal_threshold_days": 30

mcp_proxy_adapter/utils/config_generator.py

@@ -107,6 +107,7 @@ class ConfigGenerator:
                     "hash_algorithm": "sha256",
                     "crl_enabled": False,
                     "crl_path": None,
+                    "crl_url": None,
                     "crl_validity_days": 30,
                     "auto_renewal": False,
                     "renewal_threshold_days": 30

mcp_proxy_adapter/version.py

@@ -2,5 +2,5 @@
 Version information for MCP Proxy Adapter.
 """
 
-__version__ = "6.2.34"
+__version__ = "6.2.36"
 

{mcp_proxy_adapter-6.2.34.dist-info → mcp_proxy_adapter-6.2.36.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mcp-proxy-adapter
-Version: 6.2.34
+Version: 6.2.36
 Summary: Powerful JSON-RPC microservices framework with built-in security, authentication, and proxy registration
 Home-page: https://github.com/maverikod/mcp-proxy-adapter
 Author: Vasiliy Zdanovskiy

{mcp_proxy_adapter-6.2.34.dist-info → mcp_proxy_adapter-6.2.36.dist-info}/RECORD

@@ -1,10 +1,10 @@
 mcp_proxy_adapter/__init__.py,sha256=B7m1YWyv_Wb87-Q-JqVpHQgwajnfIgDyZ_iIxzdTbBY,1021
 mcp_proxy_adapter/__main__.py,sha256=-Wp1myP9DzJNB9j97mj62C8kFk5YUbCmd0e7Rnwte0A,769
-mcp_proxy_adapter/config.py,sha256=QIOV57A_hwDH2z_BVEBJKDsPpa3IUKlqhRAij4bpQik,21600
+mcp_proxy_adapter/config.py,sha256=_VpJrmdK6NS27ABgoEABvMcgUHxCjd1D1H-HUzx3-hY,21637
 mcp_proxy_adapter/custom_openapi.py,sha256=jYUrCy8C1mShh3sjKj-JkzSMLAvxDLTvtzSJFj5HUNg,15023
 mcp_proxy_adapter/main.py,sha256=9qt_pEQdq8roUc73CumfDn6jDWP_NyfdE1lCGEynv5I,2841
 mcp_proxy_adapter/openapi.py,sha256=36vOEbJjGnVZR6hUhl6mHCD29HYOEFKo2bL0JdGSm-4,13952
-mcp_proxy_adapter/version.py,sha256=8Rv-tnRMFu7W1xVGrsKl9PqMpFzjts8hLs89BkGcJHw,76
+mcp_proxy_adapter/version.py,sha256=qSSceyK6mUT_pi9OfsbciFmPwDhxJiY6FJUPRWrc-Yo,76
 mcp_proxy_adapter/api/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 mcp_proxy_adapter/api/app.py,sha256=khl4kaI4mJ6dNbfAK7hR97Ek-eWC9NBeuXHr6GVbLoU,28911
 mcp_proxy_adapter/api/handlers.py,sha256=DcZT7MVBV33q-0EJ0iFqxE0VgBkFt6d_SqoRkntwyvc,8477
@@ -21,7 +21,7 @@ mcp_proxy_adapter/api/middleware/performance.py,sha256=dHBxTF43LEGXMKHMH3A8ybKmw
 mcp_proxy_adapter/api/middleware/protocol_middleware.py,sha256=iVjJrTEfKy15ZchQUo-Mu0hBg9kEP6vgzee_3PtWd6M,8115
 mcp_proxy_adapter/api/middleware/transport_middleware.py,sha256=Esy2gGKpEV5RoUTilr1YKKTDc5jh5RxsomD0VXyR2pE,4396
 mcp_proxy_adapter/api/middleware/unified_security.py,sha256=fDWUeIuHjYUngVnB8gVR9ES3IQSaY9VP2YPZGXATJlU,7617
-mcp_proxy_adapter/api/middleware/user_info_middleware.py,sha256=gJX5WUMa-ByWpbvbFUftymH3BuQNaj1h1lGDqq9VU6g,8134
+mcp_proxy_adapter/api/middleware/user_info_middleware.py,sha256=YGtt_1Q4GkvdFopMC2wTfC3OZZXDiOU4v5BxlD1Ge9w,9168
 mcp_proxy_adapter/commands/__init__.py,sha256=r791wg4FKhWSi5rqA3vekDcGf5kr18pwF1woX-dnZKo,1525
 mcp_proxy_adapter/commands/auth_validation_command.py,sha256=z612WJDVgZwaCrxdQhATwRc5i3qxH37MPuIV6SuZPn8,15083
 mcp_proxy_adapter/commands/base.py,sha256=tunyrmt-LYJMQZslAZQor3KZvOrn1IYNpL5uOAnSdxc,15791
@@ -61,7 +61,8 @@ mcp_proxy_adapter/core/client.py,sha256=AeNjMyaTnnR0g6Sw_c28X_le8o5SbEi-_PaRtVtt
 mcp_proxy_adapter/core/client_manager.py,sha256=sKEhapMpogqb54WIWEpz2bMjrX3wvYooX-a844IfCTU,9164
 mcp_proxy_adapter/core/client_security.py,sha256=8isHpvv-7H85QzI8K3Pfyr_KdvpE2xYyIT4wqWrttNU,13575
 mcp_proxy_adapter/core/config_converter.py,sha256=FAA2zx-yRgqMgzg73o9Aq5CEEfodNCeaA8Yluto4wAs,16985
-mcp_proxy_adapter/core/config_validator.py,sha256=qDVmkRatuDeWylIPLjMq02Vpzff6DDTE_CstpzqGi7o,7773
+mcp_proxy_adapter/core/config_validator.py,sha256=fRN0D727FYlka-Yn0x3-tABJFrXjXorWR1fAD97e02c,8722
+mcp_proxy_adapter/core/crl_utils.py,sha256=_BZ5LE1Z4GBbLhQgtKWoTAtJdXNcl59y9XJvfptHBjo,11561
 mcp_proxy_adapter/core/errors.py,sha256=s34OxiIR4NCJu_pYSigKXqrIvRjUUK2OWw0X4dpDjIA,5151
 mcp_proxy_adapter/core/logging.py,sha256=jQlFz52Xwapef6UD4p0acmaGFumD9XuexwW4frDN_ZM,9626
 mcp_proxy_adapter/core/mtls_asgi.py,sha256=X2lAj3wk3L85amRCp_-10sqvZa5wJf_diXhwrrQReSo,5311
@@ -72,11 +73,11 @@ mcp_proxy_adapter/core/proxy_registration.py,sha256=Mmh-hWVJKkADLP8361Nx_SGFp9JR
 mcp_proxy_adapter/core/role_utils.py,sha256=wMoTVz3gF5fM7jozNMwsEwPkp1tui26M-t_KH1Oz8gs,12880
 mcp_proxy_adapter/core/security_adapter.py,sha256=wZ3OH1WzhUdpN8N8CrGJSFFVNi474DqdazIqQ1T8PN4,13343
 mcp_proxy_adapter/core/security_factory.py,sha256=4r7qvBq30XfosGD_b1ZHyNVLN8rOQ3NAKuaCOCEK8jA,8262
-mcp_proxy_adapter/core/security_integration.py,sha256=6oJKVCL1CRnk3sTWX-PBzDjv737oe4QL-9r3l89kRkc,13715
+mcp_proxy_adapter/core/security_integration.py,sha256=gu5fkta4rcoWkyLoMnJ7rw6CTQLZ8JASFgFgA3C8-4A,15937
 mcp_proxy_adapter/core/server_adapter.py,sha256=8dhUlLxuYjaoNgMHieFCFgDRjxskP--Y5uoAhbN6RLw,9823
 mcp_proxy_adapter/core/server_engine.py,sha256=SFENSDrVMlBD--HgKSRVklhrtLKSRSZhs_3UHxFCGbg,9540
 mcp_proxy_adapter/core/settings.py,sha256=ZfUnmqD1tjAuaQo2VAF8evC1oHUit7gTu4WkTF0IMYI,10628
-mcp_proxy_adapter/core/ssl_utils.py,sha256=_2mhpuoiRpSbUBifnQvtuziQfBRrXQUKtB58ALWTaqU,8220
+mcp_proxy_adapter/core/ssl_utils.py,sha256=qLzeMe4pQsGX2IN_PUotcaDOtExXns32gsm9AhKKdhk,9745
 mcp_proxy_adapter/core/transport_manager.py,sha256=ppcgjO-7Ulrk1ovlzlXVM89Iw4VOGA3awKgLf7FFAJ0,9518
 mcp_proxy_adapter/core/unified_config_adapter.py,sha256=cpN_VrliIFGDH3JsfRkTlFdQvLcmuMYYedq0QEzlb0Y,22857
 mcp_proxy_adapter/core/utils.py,sha256=ly8Ttg2v1OBukThJLxudRvmttU1hxJFLJUfat4b2dOI,3268
@@ -128,15 +129,15 @@ mcp_proxy_adapter/examples/full_application/commands/dynamic_calculator_command.
 mcp_proxy_adapter/examples/full_application/hooks/__init__.py,sha256=ORG4cL8cSXEMmZ0CEPz75OVuwg54pdDm2GIBpP4dtcs,200
 mcp_proxy_adapter/examples/full_application/hooks/application_hooks.py,sha256=TYXuHI-KW_mH5r8mSKgNMJCr3moeEKrqC4Eex0U298k,3457
 mcp_proxy_adapter/examples/full_application/hooks/builtin_command_hooks.py,sha256=IaskSrckZS6bE3aGxSBL8aTj-iJTSI2ysfsFjhjncyM,2975
-mcp_proxy_adapter/examples/scripts/config_generator.py,sha256=4qruYxQ2kGLVOukLX2JOW5kslJ06RhkNqTobAgh4rfw,32801
+mcp_proxy_adapter/examples/scripts/config_generator.py,sha256=30z8crMPDUcllwunkpigWrF6scWPIQaqV0gbuv6Juj8,32838
 mcp_proxy_adapter/examples/scripts/create_certificates_simple.py,sha256=xkIvUYl6hbKlWImQmenG0k_CvIsOsc9ZHICiKY3rtI8,26380
 mcp_proxy_adapter/examples/scripts/generate_certificates_and_tokens.py,sha256=J0qHm_BMY8RYqfuwf7V7xKsHcsRJx8E7x-8JxmW5sPw,15988
 mcp_proxy_adapter/schemas/base_schema.json,sha256=v9G9cGMd4dRhCZsOQ_FMqOi5VFyVbI6Cf3fyIvOT9dc,2881
 mcp_proxy_adapter/schemas/openapi_schema.json,sha256=C3yLkwmDsvnLW9B5gnKKdBGl4zxkeU-rEmjTrNVsQU0,8405
-mcp_proxy_adapter/utils/config_generator.py,sha256=2dxwBh9k_nUw9kgytZso5TNOQpBqd3c-RpKSTLoHlLE,46465
-mcp_proxy_adapter-6.2.34.dist-info/licenses/LICENSE,sha256=6KdtUcTwmTRbJrAmYjVn7e6S-V42ubeDJ-AiVEzZ510,1075
-mcp_proxy_adapter-6.2.34.dist-info/METADATA,sha256=l0uENuXxZKqEOdMXaaMBnEWWegRTQDO9CJYiNGWGIhA,22348
-mcp_proxy_adapter-6.2.34.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-mcp_proxy_adapter-6.2.34.dist-info/entry_points.txt,sha256=J3eV6ID0lt_VSp4lIdIgBFTqLCThgObNNxRCbyfiMHw,70
-mcp_proxy_adapter-6.2.34.dist-info/top_level.txt,sha256=JZT7vPLBYrtroX-ij68JBhJYbjDdghcV-DFySRy-Nnw,18
-mcp_proxy_adapter-6.2.34.dist-info/RECORD,,
+mcp_proxy_adapter/utils/config_generator.py,sha256=0CnUuz4WMBtHY-FNB7MNS1eV6lsu_S_lpMmhefNvlEw,46502
+mcp_proxy_adapter-6.2.36.dist-info/licenses/LICENSE,sha256=6KdtUcTwmTRbJrAmYjVn7e6S-V42ubeDJ-AiVEzZ510,1075
+mcp_proxy_adapter-6.2.36.dist-info/METADATA,sha256=ovX3nGOSsX6_agmbvs5yBcTiJaO3w-gAdbxBee5C8ic,22348
+mcp_proxy_adapter-6.2.36.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+mcp_proxy_adapter-6.2.36.dist-info/entry_points.txt,sha256=J3eV6ID0lt_VSp4lIdIgBFTqLCThgObNNxRCbyfiMHw,70
+mcp_proxy_adapter-6.2.36.dist-info/top_level.txt,sha256=JZT7vPLBYrtroX-ij68JBhJYbjDdghcV-DFySRy-Nnw,18
+mcp_proxy_adapter-6.2.36.dist-info/RECORD,,