PyPI - mcp-proxy-adapter - Versions diffs - 6.2.35__py3-none-any.whl → 6.3.0__py3-none-any.whl - Mend

mcp-proxy-adapter 6.2.35py3-none-any.whl → 6.3.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

mcp_proxy_adapter/core/security_integration.py CHANGED Viewed

@@ -8,24 +8,33 @@ Author: Vasiliy Zdanovskiy
 email: vasilyvz@gmail.com
 """
-import logging
-from typing import Dict, Any, Optional, List
-from pathlib import Path
+from typing import Dict, Any, List
 # Direct imports from framework
 try:
     from mcp_security_framework import (
-        SecurityManager, AuthManager, CertificateManager,
-        PermissionManager, RateLimiter
+        SecurityManager,
+        AuthManager,
+        CertificateManager,
+        PermissionManager,
+        RateLimiter,
     )
     from mcp_security_framework.schemas.config import (
-        SecurityConfig, AuthConfig, SSLConfig, PermissionConfig,
-        RateLimitConfig, CertificateConfig, LoggingConfig
+        SecurityConfig,
+        AuthConfig,
+        SSLConfig,
+        PermissionConfig,
+        RateLimitConfig,
+        CertificateConfig,
+        LoggingConfig,
     )
     from mcp_security_framework.schemas.models import (
-        AuthResult, ValidationResult, CertificateInfo, CertificatePair
+        AuthResult,
+        ValidationResult,
+        CertificatePair,
     )
     from mcp_security_framework.middleware.fastapi_middleware import FastAPISecurityMiddleware
     SECURITY_FRAMEWORK_AVAILABLE = True
 except ImportError:
     SECURITY_FRAMEWORK_AVAILABLE = False
@@ -43,38 +52,38 @@ from mcp_proxy_adapter.core.logging import logger
 class SecurityIntegration:
     """
     Direct integration with mcp_security_framework.
     This class replaces all project security methods with direct calls
     to the security framework components.
     """
     def __init__(self, config: Dict[str, Any]):
         """
         Initialize security integration.
         Args:
             config: Configuration dictionary
         """
         if not SECURITY_FRAMEWORK_AVAILABLE:
             raise ImportError("mcp_security_framework is not available")
         self.config = config
         self.security_config = self._create_security_config()
         # Initialize framework components
         self.security_manager = SecurityManager(self.security_config)
         self.permission_manager = PermissionManager(self.security_config.permissions)
         self.auth_manager = AuthManager(self.security_config.auth, self.permission_manager)
         self.certificate_manager = CertificateManager(self.security_config.certificates)
         self.rate_limiter = RateLimiter(self.security_config.rate_limit)
         logger.info("Security integration initialized with mcp_security_framework")
     def _create_security_config(self) -> SecurityConfig:
         """Create SecurityConfig from project configuration."""
         # self.config is already the security section passed from unified_security.py
         security_section = self.config
         # Create SSL config
         ssl_config = SSLConfig(
             enabled=security_section.get("ssl", {}).get("enabled", False),
@@ -87,9 +96,9 @@ class SecurityIntegration:
             min_tls_version=security_section.get("ssl", {}).get("min_tls_version", "TLSv1.2"),
             check_hostname=security_section.get("ssl", {}).get("check_hostname", True),
             check_expiry=security_section.get("ssl", {}).get("check_expiry", True),
-            expiry_warning_days=security_section.get("ssl", {}).get("expiry_warning_days", 30)
+            expiry_warning_days=security_section.get("ssl", {}).get("expiry_warning_days", 30),
         )
         # Create auth config
         auth_config = AuthConfig(
             enabled=security_section.get("auth", {}).get("enabled", True),
@@ -100,21 +109,23 @@ class SecurityIntegration:
             jwt_algorithm=security_section.get("auth", {}).get("jwt_algorithm", "HS256"),
             jwt_expiry_hours=security_section.get("auth", {}).get("jwt_expiry_hours", 24),
             certificate_auth=security_section.get("auth", {}).get("certificate_auth", False),
-            public_paths=security_section.get("auth", {}).get("public_paths", [])
+            public_paths=security_section.get("auth", {}).get("public_paths", []),
         )
         # Create permission config - handle null values properly
         permissions_section = security_section.get("permissions", {})
         permissions_enabled = permissions_section.get("enabled", True)
         if permissions_enabled:
             roles_file = permissions_section.get("roles_file")
             # If roles_file is None or empty string, don't pass it to avoid framework errors
             if roles_file is None or roles_file == "":
-                logger.warning("roles_file is None or empty, permissions will use default configuration")
+                logger.warning(
+                    "roles_file is None or empty, permissions will use default configuration"
+                )
                 roles_file = None
             permission_config = PermissionConfig(
                 enabled=True,
                 roles_file=roles_file,
@@ -125,7 +136,7 @@ class SecurityIntegration:
                 permission_cache_ttl=permissions_section.get("permission_cache_ttl", 300),
                 wildcard_permissions=permissions_section.get("wildcard_permissions", False),
                 strict_mode=permissions_section.get("strict_mode", True),
-                roles=permissions_section.get("roles")
+                roles=permissions_section.get("roles"),
             )
         else:
             # Create minimal permission config when permissions are disabled
@@ -139,42 +150,56 @@ class SecurityIntegration:
                 permission_cache_ttl=300,
                 wildcard_permissions=False,
                 strict_mode=False,
-                roles={}
+                roles={},
             )
         # Create rate limit config
         rate_limit_config = RateLimitConfig(
             enabled=security_section.get("rate_limit", {}).get("enabled", True),
-            default_requests_per_minute=security_section.get("rate_limit", {}).get("default_requests_per_minute", 60),
-            default_requests_per_hour=security_section.get("rate_limit", {}).get("default_requests_per_hour", 1000),
+            default_requests_per_minute=security_section.get("rate_limit", {}).get(
+                "default_requests_per_minute", 60
+            ),
+            default_requests_per_hour=security_section.get("rate_limit", {}).get(
+                "default_requests_per_hour", 1000
+            ),
             burst_limit=security_section.get("rate_limit", {}).get("burst_limit", 2),
-            window_size_seconds=security_section.get("rate_limit", {}).get("window_size_seconds", 60),
+            window_size_seconds=security_section.get("rate_limit", {}).get(
+                "window_size_seconds", 60
+            ),
             storage_backend=security_section.get("rate_limit", {}).get("storage_backend", "memory"),
             exempt_paths=security_section.get("rate_limit", {}).get("exempt_paths", []),
-            exempt_roles=security_section.get("rate_limit", {}).get("exempt_roles", [])
+            exempt_roles=security_section.get("rate_limit", {}).get("exempt_roles", []),
         )
         # Create certificate config
         certificate_config = CertificateConfig(
             enabled=security_section.get("certificates", {}).get("enabled", False),
             ca_cert_path=security_section.get("certificates", {}).get("ca_cert_path"),
             ca_key_path=security_section.get("certificates", {}).get("ca_key_path"),
-            cert_storage_path=security_section.get("certificates", {}).get("cert_storage_path", "./certs"),
-            key_storage_path=security_section.get("certificates", {}).get("key_storage_path", "./keys"),
-            default_validity_days=security_section.get("certificates", {}).get("default_validity_days", 365),
+            cert_storage_path=security_section.get("certificates", {}).get(
+                "cert_storage_path", "./certs"
+            ),
+            key_storage_path=security_section.get("certificates", {}).get(
+                "key_storage_path", "./keys"
+            ),
+            default_validity_days=security_section.get("certificates", {}).get(
+                "default_validity_days", 365
+            ),
             key_size=security_section.get("certificates", {}).get("key_size", 2048),
-            hash_algorithm=security_section.get("certificates", {}).get("hash_algorithm", "sha256")
+            hash_algorithm=security_section.get("certificates", {}).get("hash_algorithm", "sha256"),
         )
         # Create logging config
         logging_config = LoggingConfig(
             enabled=security_section.get("logging", {}).get("enabled", True),
             level=security_section.get("logging", {}).get("level", "INFO"),
-            format=security_section.get("logging", {}).get("format", "%(asctime)s - %(name)s - %(levelname)s - %(message)s"),
+            format=security_section.get("logging", {}).get(
+                "format", "%(asctime)s - %(name)s - %(levelname)s - %(message)s"
+            ),
             console_output=security_section.get("logging", {}).get("console_output", True),
-            file_path=security_section.get("logging", {}).get("file_path")
+            file_path=security_section.get("logging", {}).get("file_path"),
         )
         # Create main security config
         return SecurityConfig(
             ssl=ssl_config,
@@ -185,95 +210,134 @@ class SecurityIntegration:
             logging=logging_config,
             debug=security_section.get("debug", False),
             environment=security_section.get("environment", "dev"),
-            version=security_section.get("version", "1.0.0")
+            version=security_section.get("version", "1.0.0"),
         )
     # Authentication methods - direct calls to AuthManager
     async def authenticate_api_key(self, api_key: str) -> AuthResult:
         """Authenticate using API key."""
         return await self.auth_manager.authenticate_api_key(api_key)
     async def authenticate_jwt(self, token: str) -> AuthResult:
         """Authenticate using JWT token."""
         return await self.auth_manager.authenticate_jwt(token)
     async def authenticate_certificate(self, cert_data: bytes) -> AuthResult:
         """Authenticate using certificate."""
         return await self.auth_manager.authenticate_certificate(cert_data)
     async def validate_request(self, request_data: Dict[str, Any]) -> ValidationResult:
         """Validate request using security manager."""
         return await self.security_manager.validate_request(request_data)
     # Certificate methods - direct calls to CertificateManager
     async def create_ca_certificate(self, common_name: str, **kwargs) -> CertificatePair:
         """Create CA certificate."""
         return await self.certificate_manager.create_ca_certificate(common_name, **kwargs)
     async def create_client_certificate(self, common_name: str, **kwargs) -> CertificatePair:
         """Create client certificate."""
         return await self.certificate_manager.create_client_certificate(common_name, **kwargs)
     async def create_server_certificate(self, common_name: str, **kwargs) -> CertificatePair:
         """Create server certificate."""
         return await self.certificate_manager.create_server_certificate(common_name, **kwargs)
     async def validate_certificate(self, cert_path: str) -> bool:
-        """Validate certificate."""
-        return await self.certificate_manager.validate_certificate(cert_path)
+        """Validate certificate with CRL check if enabled."""
+        try:
+            # Get CRL configuration from security config
+            crl_config = None
+            if hasattr(self.security_config, "certificates"):
+                cert_config = self.security_config.certificates
+                # Only analyze CRL paths if certificates are enabled
+                if (
+                    hasattr(cert_config, "enabled")
+                    and cert_config.enabled
+                    and hasattr(cert_config, "crl_enabled")
+                    and cert_config.crl_enabled
+                ):
+                    crl_config = {
+                        "crl_enabled": cert_config.crl_enabled,
+                        "crl_path": getattr(cert_config, "crl_path", None),
+                        "crl_url": getattr(cert_config, "crl_url", None),
+                        "crl_validity_days": getattr(cert_config, "crl_validity_days", 30),
+                    }
+            # Use mcp_security_framework's validate_certificate_chain with CRL
+            if crl_config and crl_config.get("crl_enabled"):
+                from mcp_security_framework.utils.cert_utils import validate_certificate_chain
+                from .crl_utils import CRLManager
+                # Get CRL data
+                crl_manager = CRLManager(crl_config)
+                crl_data = crl_manager.get_crl_data()
+                # Validate with CRL
+                if crl_data:
+                    return validate_certificate_chain(
+                        cert_path, self.security_config.certificates.ca_cert_path, crl_data
+                    )
+            # Fallback to standard validation
+            return await self.certificate_manager.validate_certificate(cert_path)
+        except Exception as e:
+            logger.error(f"Certificate validation failed: {e}")
+            return False
     async def extract_roles_from_certificate(self, cert_path: str) -> List[str]:
         """Extract roles from certificate."""
         return await self.certificate_manager.extract_roles_from_certificate(cert_path)
     async def revoke_certificate(self, cert_path: str) -> bool:
         """Revoke certificate."""
         return await self.certificate_manager.revoke_certificate(cert_path)
     # Permission methods - direct calls to PermissionManager
     async def check_permission(self, user_id: str, permission: str) -> bool:
         """Check user permission."""
         return await self.permission_manager.check_permission(user_id, permission)
     async def get_user_roles(self, user_id: str) -> List[str]:
         """Get user roles."""
         return await self.permission_manager.get_user_roles(user_id)
     async def add_user_role(self, user_id: str, role: str) -> bool:
         """Add role to user."""
         return await self.permission_manager.add_user_role(user_id, role)
     async def remove_user_role(self, user_id: str, role: str) -> bool:
         """Remove role from user."""
         return await self.permission_manager.remove_user_role(user_id, role)
     # Rate limiting methods - direct calls to RateLimiter
     async def check_rate_limit(self, identifier: str, limit_type: str = "per_minute") -> bool:
         """Check rate limit."""
         return await self.rate_limiter.check_rate_limit(identifier, limit_type)
     async def increment_rate_limit(self, identifier: str) -> None:
         """Increment rate limit counter."""
         await self.rate_limiter.increment_rate_limit(identifier)
     async def get_rate_limit_info(self, identifier: str) -> Dict[str, Any]:
         """Get rate limit information."""
         return await self.rate_limiter.get_rate_limit_info(identifier)
     # Middleware creation - direct use of framework middleware
     def create_fastapi_middleware(self, app) -> FastAPISecurityMiddleware:
         """Create FastAPI security middleware."""
         return FastAPISecurityMiddleware(app, self.security_config)
     # Utility methods
     def is_security_enabled(self) -> bool:
         """Check if security is enabled."""
         return self.security_config.auth.enabled or self.security_config.ssl.enabled
     def get_public_paths(self) -> List[str]:
         """Get public paths that bypass authentication."""
         return self.security_config.auth.public_paths
     def get_security_config(self) -> SecurityConfig:
         """Get security configuration."""
         return self.security_config
@@ -283,13 +347,13 @@ class SecurityIntegration:
 def create_security_integration(config: Dict[str, Any]) -> SecurityIntegration:
     """
     Create security integration instance.
     Args:
         config: Configuration dictionary
     Returns:
         SecurityIntegration instance
     Raises:
         RuntimeError: If security integration cannot be created
     """

mcp_proxy_adapter/core/ssl_utils.py CHANGED Viewed

@@ -3,8 +3,10 @@ SSL Utilities Module
 This module provides utilities for SSL/TLS configuration and certificate validation.
 Integrates with AuthValidator from Phase 0 for certificate validation.
+Supports CRL (Certificate Revocation List) validation.
-Author: MCP Proxy Adapter Team
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
 Version: 1.0.0
 """
@@ -14,6 +16,7 @@ from typing import List, Optional, Dict, Any
 from pathlib import Path
 from .auth_validator import AuthValidator
+from .crl_utils import CRLManager
 logger = logging.getLogger(__name__)
@@ -47,7 +50,8 @@ class SSLUtils:
                           verify_client: bool = False,
                           cipher_suites: Optional[List[str]] = None,
                           min_tls_version: str = "1.2",
-                          max_tls_version: str = "1.3") -> ssl.SSLContext:
+                          max_tls_version: str = "1.3",
+                          crl_config: Optional[Dict[str, Any]] = None) -> ssl.SSLContext:
         """
         Create SSL context with specified configuration.
@@ -59,6 +63,7 @@ class SSLUtils:
             cipher_suites: List of cipher suites to use
             min_tls_version: Minimum TLS version
             max_tls_version: Maximum TLS version
+            crl_config: CRL configuration dictionary (optional)
         Returns:
             Configured SSL context
@@ -73,6 +78,17 @@ class SSLUtils:
         if not result.is_valid:
             raise ValueError(f"Invalid certificate: {result.error_message}")
+        # Check CRL if configured
+        if crl_config:
+            try:
+                crl_manager = CRLManager(crl_config)
+                if crl_manager.is_certificate_revoked(cert_file):
+                    raise ValueError(f"Certificate is revoked according to CRL: {cert_file}")
+            except Exception as e:
+                logger.error(f"CRL check failed: {e}")
+                # For security, fail if CRL check fails
+                raise ValueError(f"CRL validation failed: {e}")
         # Check if files exist
         if not Path(cert_file).exists():
             raise FileNotFoundError(f"Certificate file not found: {cert_file}")
@@ -111,12 +127,13 @@ class SSLUtils:
         return context
     @staticmethod
-    def validate_certificate(cert_file: str) -> bool:
+    def validate_certificate(cert_file: str, crl_config: Optional[Dict[str, Any]] = None) -> bool:
         """
-        Validate certificate using AuthValidator.
+        Validate certificate using AuthValidator and optional CRL check.
         Args:
             cert_file: Path to certificate file
+            crl_config: CRL configuration dictionary (optional)
         Returns:
             True if certificate is valid, False otherwise
@@ -124,7 +141,22 @@ class SSLUtils:
         try:
             validator = AuthValidator()
             result = validator.validate_certificate(cert_file)
-            return result.is_valid
+            if not result.is_valid:
+                return False
+            # Check CRL if configured
+            if crl_config:
+                try:
+                    crl_manager = CRLManager(crl_config)
+                    if crl_manager.is_certificate_revoked(cert_file):
+                        logger.warning(f"Certificate is revoked according to CRL: {cert_file}")
+                        return False
+                except Exception as e:
+                    logger.error(f"CRL check failed: {e}")
+                    # For security, consider certificate invalid if CRL check fails
+                    return False
+            return True
         except Exception as e:
             logger.error(f"Certificate validation failed: {e}")
             return False

mcp_proxy_adapter/examples/scripts/config_generator.py CHANGED Viewed

@@ -107,6 +107,7 @@ class ConfigGenerator:
                     "hash_algorithm": "sha256",
                     "crl_enabled": False,
                     "crl_path": None,
+                    "crl_url": None,
                     "crl_validity_days": 30,
                     "auto_renewal": False,
                     "renewal_threshold_days": 30

mcp_proxy_adapter/main.py CHANGED Viewed

@@ -19,6 +19,7 @@ sys.path.insert(0, str(Path(__file__).parent.parent))
 from mcp_proxy_adapter.api.app import create_app
 from mcp_proxy_adapter.config import Config
+from mcp_proxy_adapter.core.config_validator import ConfigValidator
 def main():
@@ -27,28 +28,36 @@ def main():
     parser = argparse.ArgumentParser(description="MCP Proxy Adapter Server")
     parser.add_argument("--config", "-c", type=str, help="Path to configuration file")
     args = parser.parse_args()
     # Load configuration
     if args.config:
         config = Config(config_path=args.config)
     else:
         config = Config()
+    # Validate UUID configuration (mandatory)
+    validator = ConfigValidator(config.get_all())
+    if not validator.validate_all():
+        print("❌ Configuration validation failed:")
+        for error in validator.get_errors():
+            print(f"   - {error}")
+        sys.exit(1)
+    print("✅ Configuration validation passed")
     # Create application
     app = create_app(app_config=config)
     # Get server configuration
     host = config.get("server.host", "0.0.0.0")
     port = config.get("server.port", 8000)
     # Get SSL configuration
     ssl_enabled = config.get("ssl.enabled", False)
     ssl_cert_file = config.get("ssl.cert_file")
     ssl_key_file = config.get("ssl.key_file")
     ssl_ca_cert = config.get("ssl.ca_cert")
     verify_client = config.get("ssl.verify_client", False)
     print(f"🚀 Starting MCP Proxy Adapter")
     print(f"🌐 Server: {host}:{port}")
     if ssl_enabled:
@@ -59,18 +68,18 @@ def main():
             print(f"   CA: {ssl_ca_cert}")
         print(f"   Client verification: {verify_client}")
     print("=" * 50)
     # Configure hypercorn
     config_hypercorn = hypercorn.config.Config()
     config_hypercorn.bind = [f"{host}:{port}"]
     if ssl_enabled and ssl_cert_file and ssl_key_file:
         config_hypercorn.certfile = ssl_cert_file
         config_hypercorn.keyfile = ssl_key_file
         if ssl_ca_cert:
             config_hypercorn.ca_certs = ssl_ca_cert
         if verify_client:
             # For mTLS, require client certificates
             config_hypercorn.set_cert_reqs(ssl.CERT_REQUIRED)
@@ -80,11 +89,11 @@ def main():
             # For regular HTTPS without client verification
             config_hypercorn.set_cert_reqs(ssl.CERT_NONE)
             config_hypercorn.verify_mode = ssl.CERT_NONE
         print(f"🔐 Starting HTTPS server with hypercorn...")
     else:
         print(f"🌐 Starting HTTP server with hypercorn...")
     # Run the server
     asyncio.run(hypercorn.asyncio.serve(app, config_hypercorn))

mcp_proxy_adapter/utils/config_generator.py CHANGED Viewed

@@ -107,6 +107,7 @@ class ConfigGenerator:
                     "hash_algorithm": "sha256",
                     "crl_enabled": False,
                     "crl_path": None,
+                    "crl_url": None,
                     "crl_validity_days": 30,
                     "auto_renewal": False,
                     "renewal_threshold_days": 30

mcp_proxy_adapter/version.py CHANGED Viewed

@@ -2,5 +2,5 @@
 Version information for MCP Proxy Adapter.
 """
-__version__ = "6.2.35"
+__version__ = "6.3.0"

{mcp_proxy_adapter-6.2.35.dist-info → mcp_proxy_adapter-6.3.0.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mcp-proxy-adapter
-Version: 6.2.35
+Version: 6.3.0
 Summary: Powerful JSON-RPC microservices framework with built-in security, authentication, and proxy registration
 Home-page: https://github.com/maverikod/mcp-proxy-adapter
 Author: Vasiliy Zdanovskiy

mcp-proxy-adapter 6.2.35__py3-none-any.whl → 6.3.0__py3-none-any.whl

mcp-proxy-adapter 6.2.35py3-none-any.whl → 6.3.0py3-none-any.whl