mcp-proxy-adapter 6.4.12__py3-none-any.whl → 6.4.15__py3-none-any.whl

mcp_proxy_adapter/core/app_factory.py

@@ -16,7 +16,9 @@ from fastapi import FastAPI
 from mcp_proxy_adapter.api.app import create_app
 from mcp_proxy_adapter.core.logging import setup_logging, get_logger
 from mcp_proxy_adapter.config import config
-from mcp_proxy_adapter.commands.builtin_commands import register_builtin_commands
+from mcp_proxy_adapter.commands.builtin_commands import (
+    register_builtin_commands,
+)
 
 logger = get_logger("app_factory")
 
@@ -87,10 +89,14 @@ async def create_and_run_server(
             print("✅ Configuration validation passed")
 
             # Debug: Check what config.get_all() actually returns
-            print(f"🔍 Debug: config.get_all() keys: {list(app_config.keys())}")
+            print(
+                f"🔍 Debug: config.get_all() keys: {list(app_config.keys())}"
+            )
             if "security" in app_config:
                 security_ssl = app_config["security"].get("ssl", {})
-                print(f"🔍 Debug: config.get_all() security.ssl: {security_ssl}")
+                print(
+                    f"🔍 Debug: config.get_all() security.ssl: {security_ssl}"
+                )
 
             # Debug: Check if root ssl section exists after loading
             if "ssl" in app_config:
@@ -152,7 +158,9 @@ async def create_and_run_server(
             # Validate security framework configuration only if enabled
             security_config = app_config.get("security", {})
             if security_config.get("enabled", False):
-                framework = security_config.get("framework", "mcp_security_framework")
+                framework = security_config.get(
+                    "framework", "mcp_security_framework"
+                )
                 print(f"🔒 Security framework: {framework}")
 
                 # Debug: Check SSL config before validation
@@ -202,7 +210,9 @@ async def create_and_run_server(
         if log_config_path:
             log_config_file = Path(log_config_path)
             if not log_config_file.exists():
-                print(f"❌ Log configuration file not found: {log_config_path}")
+                print(
+                    f"❌ Log configuration file not found: {log_config_path}"
+                )
                 sys.exit(1)
             setup_logging(log_config_path=str(log_config_file))
             print(f"✅ Logging configured from: {log_config_path}")
@@ -250,7 +260,9 @@ async def create_and_run_server(
 
     # 5. Create server configuration
     # Get port from config if available, otherwise use default
-    server_port = app_config.get("server", {}).get("port", 8000) if app_config else 8000
+    server_port = (
+        app_config.get("server", {}).get("port", 8000) if app_config else 8000
+    )
     print(f"🔌 Port: {server_port}")
 
     server_config = {
@@ -268,19 +280,20 @@ async def create_and_run_server(
     # Check for SSL config in root section first (higher priority)
     if app_config and "ssl" in app_config:
         print(f"🔍 Debug: SSL config found in root: {app_config['ssl']}")
-        print(f"🔍 Debug: SSL enabled: {app_config['ssl'].get('enabled', False)}")
+        print(
+            f"🔍 Debug: SSL enabled: {app_config['ssl'].get('enabled', False)}"
+        )
         if app_config["ssl"].get("enabled", False):
             ssl_config = app_config["ssl"]
             # Add SSL config directly to server_config for Hypercorn
             server_config["certfile"] = ssl_config.get("cert_file")
             server_config["keyfile"] = ssl_config.get("key_file")
-            server_config["ca_certs"] = ssl_config.get("ca_cert_file")
-            # Set verify_mode based on verify_client setting
+            server_config["ca_certs"] = ssl_config.get(
+                "ca_cert_file", ssl_config.get("ca_cert")
+            )
+            # Set verify_client based on verify_client setting
             verify_client = ssl_config.get("verify_client", False)
-            if verify_client:
-                server_config["verify_mode"] = "CERT_REQUIRED"
-            else:
-                server_config["verify_mode"] = "CERT_NONE"
+            server_config["verify_client"] = verify_client
             print(f"🔒 SSL enabled: {ssl_config.get('cert_file', 'N/A')}")
             print(
                 f"🔒 SSL enabled: cert={ssl_config.get('cert_file')}, key={ssl_config.get('key_file')}"
@@ -292,9 +305,13 @@ async def create_and_run_server(
     # Check for SSL config in security section (fallback)
     if app_config and "security" in app_config:
         security_config = app_config["security"]
-        print(f"🔍 Debug: security_config keys: {list(security_config.keys())}")
+        print(
+            f"🔍 Debug: security_config keys: {list(security_config.keys())}"
+        )
         if "ssl" in security_config:
-            print(f"🔍 Debug: SSL config found in security: {security_config['ssl']}")
+            print(
+                f"🔍 Debug: SSL config found in security: {security_config['ssl']}"
+            )
             print(
                 f"🔍 Debug: SSL enabled: {security_config['ssl'].get('enabled', False)}"
             )
@@ -303,7 +320,9 @@ async def create_and_run_server(
                 # Add SSL config directly to server_config for Hypercorn
                 server_config["certfile"] = ssl_config.get("cert_file")
                 server_config["keyfile"] = ssl_config.get("key_file")
-                server_config["ca_certs"] = ssl_config.get("ca_cert_file")
+                server_config["ca_certs"] = ssl_config.get(
+                    "ca_cert_file", ssl_config.get("ca_cert")
+                )
                 server_config["verify_mode"] = ssl_config.get("verify_mode")
                 print(f"🔒 SSL enabled: {ssl_config.get('cert_file', 'N/A')}")
                 print(
@@ -313,19 +332,20 @@ async def create_and_run_server(
                     f"🔒 Server config SSL: certfile={server_config.get('certfile')}, keyfile={server_config.get('keyfile')}, ca_certs={server_config.get('ca_certs')}, verify_mode={server_config.get('verify_mode')}"
                 )
         print(f"🔍 Debug: SSL config found in root: {app_config['ssl']}")
-        print(f"🔍 Debug: SSL enabled: {app_config['ssl'].get('enabled', False)}")
+        print(
+            f"🔍 Debug: SSL enabled: {app_config['ssl'].get('enabled', False)}"
+        )
         if app_config["ssl"].get("enabled", False):
             ssl_config = app_config["ssl"]
             # Add SSL config directly to server_config for Hypercorn
             server_config["certfile"] = ssl_config.get("cert_file")
             server_config["keyfile"] = ssl_config.get("key_file")
-            server_config["ca_certs"] = ssl_config.get("ca_cert_file")
-            # Set verify_mode based on verify_client setting
+            server_config["ca_certs"] = ssl_config.get(
+                "ca_cert_file", ssl_config.get("ca_cert")
+            )
+            # Set verify_client based on verify_client setting
             verify_client = ssl_config.get("verify_client", False)
-            if verify_client:
-                server_config["verify_mode"] = "CERT_REQUIRED"
-            else:
-                server_config["verify_mode"] = "CERT_NONE"
+            server_config["verify_client"] = verify_client
             print(f"🔒 SSL enabled: {ssl_config.get('cert_file', 'N/A')}")
             print(
                 f"🔒 SSL enabled: cert={ssl_config.get('cert_file')}, key={ssl_config.get('key_file')}"
@@ -334,20 +354,50 @@ async def create_and_run_server(
                 f"🔒 Server config SSL: certfile={server_config.get('certfile')}, keyfile={server_config.get('keyfile')}, ca_certs={server_config.get('ca_certs')}, verify_mode={server_config.get('verify_mode')}"
             )
 
-    # 6. Start server
+    # 6. Start mTLS server if needed
+    mtls_server = None
+    try:
+        # Check if mTLS is enabled
+        ssl_config = app_config.get("ssl", {}) if app_config else {}
+        verify_client = ssl_config.get("verify_client", False)
+
+        if verify_client:
+            print("🔐 mTLS enabled - starting separate mTLS server...")
+            from mcp_proxy_adapter.core.mtls_server import (
+                start_mtls_server_thread,
+            )
+
+            # Start mTLS server in separate thread
+            mtls_server = start_mtls_server_thread(app_config, main_app=app)
+            if mtls_server:
+                print(f"✅ mTLS server started on port {mtls_server.port}")
+            else:
+                print(
+                    "⚠️  Failed to start mTLS server, continuing with regular HTTPS"
+                )
+        else:
+            print("🔓 mTLS disabled - using regular HTTPS")
+    except Exception as e:
+        print(f"⚠️  Error starting mTLS server: {e}")
+        print("   Continuing with regular HTTPS server")
+
+    # 7. Start main server
     try:
-        print("🚀 Starting server...")
+        print("🚀 Starting main server...")
         print("   Use Ctrl+C to stop the server")
         print("=" * 60)
 
         # Use hypercorn directly
         import hypercorn.asyncio
         import hypercorn.config
-        import asyncio
+
+        # import asyncio  # Unused import
 
         # Configure hypercorn
         config_hypercorn = hypercorn.config.Config()
-        config_hypercorn.bind = [f"{server_config['host']}:{server_config['port']}"]
+        config_hypercorn.bind = [
+            f"{server_config['host']}:{server_config['port']}"
+        ]
         config_hypercorn.loglevel = server_config.get("log_level", "info")
 
         # Add SSL configuration if present
@@ -359,15 +409,25 @@ async def create_and_run_server(
             config_hypercorn.ca_certs = server_config["ca_certs"]
         if "verify_mode" in server_config:
             import ssl
+
             # Use the verify_mode from configuration, default to CERT_NONE
-            verify_mode = getattr(ssl, server_config["verify_mode"], ssl.CERT_NONE)
+            verify_mode = getattr(
+                ssl, server_config["verify_mode"], ssl.CERT_NONE
+            )
             config_hypercorn.verify_mode = verify_mode
 
         # Determine if SSL is enabled
-        ssl_enabled = any(key in server_config for key in ["certfile", "keyfile"])
+        ssl_enabled = any(
+            key in server_config for key in ["certfile", "keyfile"]
+        )
 
         if ssl_enabled:
-            print(f"🔐 Starting HTTPS server with hypercorn...")
+            if verify_client:
+                print(
+                    f"🔐 Starting HTTPS server with hypercorn (mTLS on separate port)..."
+                )
+            else:
+                print(f"🔐 Starting HTTPS server with hypercorn...")
         else:
             print(f"🌐 Starting HTTP server with hypercorn...")
 
@@ -378,8 +438,16 @@ async def create_and_run_server(
 
     except KeyboardInterrupt:
         print("\n🛑 Server stopped by user")
+        # Stop mTLS server if running
+        if mtls_server:
+            print("🛑 Stopping mTLS server...")
+            mtls_server.stop()
     except Exception as e:
         print(f"\n❌ Failed to start server: {e}")
+        # Stop mTLS server if running
+        if mtls_server:
+            print("🛑 Stopping mTLS server...")
+            mtls_server.stop()
         import traceback
 
         traceback.print_exc()
@@ -454,7 +522,9 @@ def create_application(
     from fastapi.middleware.cors import CORSMiddleware
     from mcp_proxy_adapter.api.app import create_app
     from mcp_proxy_adapter.core.logging import setup_logging
-    from mcp_proxy_adapter.commands.builtin_commands import register_builtin_commands
+    from mcp_proxy_adapter.commands.builtin_commands import (
+        register_builtin_commands,
+    )
 
     # Setup logging
     setup_logging()
@@ -464,7 +534,10 @@ def create_application(
 
     # Create FastAPI application using existing create_app function
     app = create_app(
-        title=title, description=description, version=version, app_config=config
+        title=title,
+        description=description,
+        version=version,
+        app_config=config,
     )
 
     # Add CORS middleware

mcp_proxy_adapter/core/mtls_server.py

@@ -0,0 +1,314 @@
+#!/usr/bin/env python3
+"""
+mTLS Server implementation using built-in http.server.
+
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+"""
+
+import threading
+import ssl
+import json
+import logging
+from http.server import HTTPServer, BaseHTTPRequestHandler
+from typing import Optional, Dict, Any
+import os
+
+logger = logging.getLogger(__name__)
+
+
+class mTLSHandler(BaseHTTPRequestHandler):
+    """Handler for mTLS connections."""
+
+    def __init__(self, *args, main_app=None, **kwargs):
+        self.main_app = main_app
+        super().__init__(*args, **kwargs)
+
+    def log_message(self, format, *args):
+        """Override to use our logger."""
+        logger.info(f"mTLS Server: {format % args}")
+
+    def do_GET(self):
+        """Handle GET requests."""
+        try:
+            # Get client certificate
+            client_cert = None
+            if hasattr(self.connection, "getpeercert"):
+                client_cert = self.connection.getpeercert()
+
+            # Process request through main app if available
+            if self.main_app:
+                # Forward to main FastAPI app
+                response_data = self._forward_to_main_app(
+                    "GET", self.path, client_cert
+                )
+            else:
+                # Simple response
+                response_data = {
+                    "status": "ok",
+                    "message": "mTLS connection successful",
+                    "client_cert": client_cert,
+                    "path": self.path,
+                }
+
+            # Send response
+            self.send_response(200)
+            self.send_header("Content-type", "application/json")
+            self.end_headers()
+            self.wfile.write(json.dumps(response_data).encode())
+
+        except Exception as e:
+            logger.error(f"Error in mTLS GET handler: {e}")
+            self.send_error(500, str(e))
+
+    def do_POST(self):
+        """Handle POST requests."""
+        try:
+            # Get content length
+            content_length = int(self.headers.get("Content-Length", 0))
+
+            # Read request body
+            post_data = None
+            if content_length > 0:
+                post_data = self.rfile.read(content_length)
+
+            # Get client certificate
+            client_cert = None
+            if hasattr(self.connection, "getpeercert"):
+                client_cert = self.connection.getpeercert()
+
+            # Process request through main app if available
+            if self.main_app:
+                # Forward to main FastAPI app
+                response_data = self._forward_to_main_app(
+                    "POST", self.path, client_cert, post_data
+                )
+            else:
+                # Simple response
+                response_data = {
+                    "status": "ok",
+                    "message": "mTLS POST successful",
+                    "client_cert": client_cert,
+                    "path": self.path,
+                    "data_received": len(post_data) if post_data else 0,
+                }
+
+            # Send response
+            self.send_response(200)
+            self.send_header("Content-type", "application/json")
+            self.end_headers()
+            self.wfile.write(json.dumps(response_data).encode())
+
+        except Exception as e:
+            logger.error(f"Error in mTLS POST handler: {e}")
+            self.send_error(500, str(e))
+
+    def _forward_to_main_app(
+        self,
+        method: str,
+        path: str,
+        client_cert: Optional[Dict],
+        post_data: Optional[bytes] = None,
+    ) -> Dict[str, Any]:
+        """Forward request to main FastAPI application."""
+        try:
+            # This is a simplified forwarding - in real implementation
+            # you would use httpx or similar to make internal HTTP calls
+            # to the main FastAPI app running on different port
+
+            return {
+                "status": "ok",
+                "message": f"mTLS {method} forwarded to main app",
+                "client_cert": client_cert,
+                "path": path,
+                "forwarded": True,
+            }
+        except Exception as e:
+            logger.error(f"Error forwarding to main app: {e}")
+            return {
+                "status": "error",
+                "message": f"Forwarding failed: {e}",
+                "client_cert": client_cert,
+                "path": path,
+            }
+
+
+class mTLSServer:
+    """mTLS Server using built-in http.server."""
+
+    def __init__(
+        self,
+        host: str = "127.0.0.1",
+        port: int = 8443,
+        cert_file: str = "certs/localhost_server.crt",
+        key_file: str = "keys/localhost_server.key",
+        ca_cert_file: str = "certs/test_ca_ca.crt",
+        main_app=None,
+    ):
+        """
+        Initialize mTLS server.
+
+        Args:
+            host: Server host
+            port: Server port
+            cert_file: Server certificate file
+            key_file: Server private key file
+            ca_cert_file: CA certificate file for client verification
+            main_app: Main FastAPI application for forwarding requests
+        """
+        self.host = host
+        self.port = port
+        self.cert_file = cert_file
+        self.key_file = key_file
+        self.ca_cert_file = ca_cert_file
+        self.main_app = main_app
+
+        self.server: Optional[HTTPServer] = None
+        self.server_thread: Optional[threading.Thread] = None
+        self.running = False
+
+        logger.info(f"mTLS Server initialized: {host}:{port}")
+
+    def _create_handler(self):
+        """Create handler with main app reference."""
+
+        def handler(*args, **kwargs):
+            return mTLSHandler(*args, main_app=self.main_app, **kwargs)
+
+        return handler
+
+    def start(self) -> bool:
+        """Start mTLS server in separate thread."""
+        try:
+            # Check if certificate files exist
+            if not os.path.exists(self.cert_file):
+                logger.error(f"Certificate file not found: {self.cert_file}")
+                return False
+
+            if not os.path.exists(self.key_file):
+                logger.error(f"Key file not found: {self.key_file}")
+                return False
+
+            if not os.path.exists(self.ca_cert_file):
+                logger.error(
+                    f"CA certificate file not found: {self.ca_cert_file}"
+                )
+                return False
+
+            # Create server
+            handler_class = self._create_handler()
+            self.server = HTTPServer((self.host, self.port), handler_class)
+
+            # Configure SSL context
+            context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+            context.load_cert_chain(self.cert_file, self.key_file)
+            context.load_verify_locations(self.ca_cert_file)
+            context.verify_mode = ssl.CERT_REQUIRED
+
+            # Wrap socket with SSL
+            self.server.socket = context.wrap_socket(
+                self.server.socket, server_side=True
+            )
+
+            # Start server in separate thread
+            self.server_thread = threading.Thread(
+                target=self._run_server, daemon=True
+            )
+            self.server_thread.start()
+
+            self.running = True
+            logger.info(
+                f"✅ mTLS Server started on https://{self.host}:{self.port}"
+            )
+            return True
+
+        except Exception as e:
+            logger.error(f"Failed to start mTLS server: {e}")
+            return False
+
+    def _run_server(self):
+        """Run the server (blocking)."""
+        try:
+            logger.info(
+                f"mTLS Server listening on https://{self.host}:{self.port}"
+            )
+            self.server.serve_forever()
+        except Exception as e:
+            logger.error(f"mTLS Server error: {e}")
+        finally:
+            self.running = False
+
+    def stop(self):
+        """Stop mTLS server."""
+        if self.server and self.running:
+            try:
+                self.server.shutdown()
+                self.server.server_close()
+                self.running = False
+                logger.info("✅ mTLS Server stopped")
+            except Exception as e:
+                logger.error(f"Error stopping mTLS server: {e}")
+
+    def is_running(self) -> bool:
+        """Check if server is running."""
+        return (
+            self.running
+            and self.server_thread
+            and self.server_thread.is_alive()
+        )
+
+
+def start_mtls_server_thread(
+    config: Dict[str, Any], main_app=None
+) -> Optional[mTLSServer]:
+    """
+    Start mTLS server in separate thread.
+
+    Args:
+        config: Configuration dictionary
+        main_app: Main FastAPI application
+
+    Returns:
+        mTLSServer instance or None if failed
+    """
+    try:
+        # Extract SSL configuration
+        ssl_config = config.get("ssl", {})
+
+        # Check if mTLS is enabled
+        verify_client = ssl_config.get("verify_client", False)
+        if not verify_client:
+            logger.info(
+                "mTLS not enabled (verify_client=False), skipping mTLS server"
+            )
+            return None
+
+        # Get server configuration
+        server_config = config.get("server", {})
+        host = server_config.get("host", "127.0.0.1")
+        port = ssl_config.get("mtls_port", 8443)  # Different port for mTLS
+
+        # Get certificate paths
+        cert_file = ssl_config.get("cert_file", "certs/localhost_server.crt")
+        key_file = ssl_config.get("key_file", "keys/localhost_server.key")
+        ca_cert_file = ssl_config.get("ca_cert", "certs/test_ca_ca.crt")
+
+        # Create and start mTLS server
+        mtls_server = mTLSServer(
+            host=host,
+            port=port,
+            cert_file=cert_file,
+            key_file=key_file,
+            ca_cert_file=ca_cert_file,
+            main_app=main_app,
+        )
+
+        if mtls_server.start():
+            return mtls_server
+        else:
+            logger.error("Failed to start mTLS server")
+            return None
+
+    except Exception as e:
+        logger.error(f"Error starting mTLS server thread: {e}")
+        return None

mcp_proxy_adapter/core/server_engine.py

@@ -9,6 +9,7 @@ email: vasilyvz@gmail.com
 """
 
 import logging
+import asyncio
 from abc import ABC, abstractmethod
 from typing import Dict, Any, Optional
 from pathlib import Path

mcp_proxy_adapter/examples/run_full_test_suite.py

@@ -298,7 +298,7 @@ class FullTestSuiteRunner:
                         "enabled": True,
                         "cert_file": "certs/localhost_server.crt",
                         "key_file": "keys/localhost_server.key",
-                        "ca_cert": "certs/mcp_proxy_adapter_ca_ca.crt",
+                        "ca_cert": "certs/test_ca_ca.crt",
                         "client_cert_file": "certs/admin_cert.pem",
                         "client_key_file": "certs/admin_key.pem",
                         "verify_client": True
@@ -436,10 +436,6 @@ class FullTestSuiteRunner:
         print(f"Python executable: {sys.executable}")
 
         try:
-            # Step 0: Clean up existing directories
-            if not self.cleanup_directories():
-                return False
-
             # Step 1: Environment validation
             if not self.check_environment():
                 return False