PyPI - mcp-proxy-adapter - Versions diffs - 6.4.43__py3-none-any.whl → 6.4.45__py3-none-any.whl - Mend

mcp-proxy-adapter 6.4.43py3-none-any.whl → 6.4.45py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (33) hide show

mcp_proxy_adapter/core/proxy_registration.py CHANGED Viewed

@@ -68,84 +68,116 @@ class ProxyRegistrationManager:
         except Exception:
             pass
-        # Basic registration settings
-        self.proxy_url = self.registration_config.get("proxy_url")
-        if not self.proxy_url:
-            raise ValueError(
-                "proxy_url is required in registration configuration. "
-                "Please specify a valid proxy URL in your configuration."
-            )
-        self.server_id = self.registration_config.get("server_id")
-        if not self.server_id:
-            # Try to get from proxy_info.name as fallback
-            self.server_id = self.registration_config.get("proxy_info", {}).get("name")
-            if not self.server_id:
+        # Check if registration is enabled
+        self.enabled = self.registration_config.get("enabled", False)
+        # Basic registration settings - only validate if enabled
+        if self.enabled:
+            self.proxy_url = self.registration_config.get("proxy_url")
+            if not self.proxy_url:
                 raise ValueError(
-                    "server_id is required in registration configuration. "
-                    "Please specify a server_id or proxy_info.name in your configuration."
+                    "proxy_url is required in registration configuration. "
+                    "Please specify a valid proxy URL in your configuration."
                 )
-        self.server_name = self.registration_config.get("server_name")
-        if not self.server_name:
-            # Try to get from proxy_info.name as fallback
-            self.server_name = self.registration_config.get("proxy_info", {}).get("name")
+        else:
+            self.proxy_url = None
+        if self.enabled:
+            self.server_id = self.registration_config.get("server_id")
+            if not self.server_id:
+                # Try to get from proxy_info.name as fallback
+                self.server_id = self.registration_config.get("proxy_info", {}).get("name")
+                if not self.server_id:
+                    raise ValueError(
+                        "server_id is required in registration configuration. "
+                        "Please specify a server_id or proxy_info.name in your configuration."
+                    )
+            self.server_name = self.registration_config.get("server_name")
             if not self.server_name:
+                # Try to get from proxy_info.name as fallback
+                self.server_name = self.registration_config.get("proxy_info", {}).get("name")
+                if not self.server_name:
+                    raise ValueError(
+                        "server_name is required in registration configuration. "
+                        "Please specify a server_name or proxy_info.name in your configuration."
+                    )
+            self.description = self.registration_config.get("description")
+            if not self.description:
+                # Try to get from proxy_info.description as fallback
+                self.description = self.registration_config.get("proxy_info", {}).get("description")
+                if not self.description:
+                    raise ValueError(
+                        "description is required in registration configuration. "
+                        "Please specify a description or proxy_info.description in your configuration."
+                    )
+        else:
+            self.server_id = None
+            self.server_name = None
+            self.description = None
+        if self.enabled:
+            self.version = self.registration_config.get("version")
+            if not self.version:
+                # Try to get from proxy_info.version as fallback
+                self.version = self.registration_config.get("proxy_info", {}).get("version")
+                if not self.version:
+                    raise ValueError(
+                        "version is required in registration configuration. "
+                        "Please specify a version or proxy_info.version in your configuration."
+                    )
+        else:
+            self.version = None
+        # Heartbeat settings - only validate if enabled
+        if self.enabled:
+            heartbeat_config = self.registration_config.get("heartbeat", {})
+            self.timeout = heartbeat_config.get("timeout")
+            if self.timeout is None:
                 raise ValueError(
-                    "server_name is required in registration configuration. "
-                    "Please specify a server_name or proxy_info.name in your configuration."
+                    "heartbeat.timeout is required in registration configuration. "
+                    "Please specify a timeout value."
                 )
-        self.description = self.registration_config.get("description")
-        if not self.description:
-            # Try to get from proxy_info.description as fallback
-            self.description = self.registration_config.get("proxy_info", {}).get("description")
-            if not self.description:
+            self.retry_attempts = heartbeat_config.get("retry_attempts")
+            if self.retry_attempts is None:
                 raise ValueError(
-                    "description is required in registration configuration. "
-                    "Please specify a description or proxy_info.description in your configuration."
+                    "heartbeat.retry_attempts is required in registration configuration. "
+                    "Please specify a retry_attempts value."
                 )
-        self.version = self.registration_config.get("version")
-        if not self.version:
-            # Try to get from proxy_info.version as fallback
-            self.version = self.registration_config.get("proxy_info", {}).get("version")
-            if not self.version:
+        else:
+            self.timeout = None
+            self.retry_attempts = None
+        if self.enabled:
+            self.retry_delay = heartbeat_config.get("retry_delay")
+            if self.retry_delay is None:
                 raise ValueError(
-                    "version is required in registration configuration. "
-                    "Please specify a version or proxy_info.version in your configuration."
+                    "heartbeat.retry_delay is required in registration configuration. "
+                    "Please specify a retry_delay value."
                 )
-        # Heartbeat settings
-        heartbeat_config = self.registration_config.get("heartbeat", {})
-        self.timeout = heartbeat_config.get("timeout")
-        if self.timeout is None:
-            raise ValueError(
-                "heartbeat.timeout is required in registration configuration. "
-                "Please specify a timeout value."
-            )
-        self.retry_attempts = heartbeat_config.get("retry_attempts")
-        if self.retry_attempts is None:
-            raise ValueError(
-                "heartbeat.retry_attempts is required in registration configuration. "
-                "Please specify a retry_attempts value."
-            )
-        self.retry_delay = heartbeat_config.get("retry_delay")
-        if self.retry_delay is None:
-            raise ValueError(
-                "heartbeat.retry_delay is required in registration configuration. "
-                "Please specify a retry_delay value."
-            )
-        self.heartbeat_interval = heartbeat_config.get("interval")
-        if self.heartbeat_interval is None:
-            raise ValueError(
-                "heartbeat.interval is required in registration configuration. "
-                "Please specify an interval value."
-            )
+        else:
+            self.retry_delay = None
+        if self.enabled:
+            self.heartbeat_interval = heartbeat_config.get("interval")
+            if self.heartbeat_interval is None:
+                raise ValueError(
+                    "heartbeat.interval is required in registration configuration. "
+                    "Please specify an interval value."
+                )
+        else:
+            self.heartbeat_interval = None
         # Auto registration settings
-        self.auto_register = self.registration_config.get("enabled")
-        if self.auto_register is None:
-            raise ValueError(
-                "enabled is required in registration configuration. "
-                "Please specify whether registration is enabled (true/false)."
-            )
+        if self.enabled:
+            self.auto_register = self.registration_config.get("enabled")
+            if self.auto_register is None:
+                raise ValueError(
+                    "enabled is required in registration configuration. "
+                    "Please specify whether registration is enabled (true/false)."
+                )
+        else:
+            self.auto_register = False
         self.auto_unregister = True  # Always unregister on shutdown
         # Initialize client security manager
@@ -168,7 +200,7 @@ class ProxyRegistrationManager:
         Returns:
             True if registration is enabled, False otherwise.
         """
-        return self.registration_config.get("enabled", False)
+        return self.enabled
     def set_server_url(self, server_url: str) -> None:
         """

mcp_proxy_adapter/examples/bugfix_certificate_config.py ADDED Viewed

@@ -0,0 +1,284 @@
+#!/usr/bin/env python3
+"""
+Bugfix for mcp_security_framework CertificateConfig
+This script provides a fix for the CertificateConfig validation issue.
+ISSUE: CertificateConfig requires CA certificate and key paths even when creating a CA certificate.
+This creates a chicken-and-egg problem where you need a CA to create a CA.
+SOLUTION: Modify the validation logic to allow CA creation mode.
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+"""
+import sys
+from pathlib import Path
+from typing import Optional
+from pydantic import BaseModel, Field, field_validator, model_validator
+class FixedCertificateConfig(BaseModel):
+    """
+    Fixed Certificate Management Configuration Model
+    This model defines certificate management configuration settings
+    including CA settings, certificate storage, and validation options.
+    BUGFIX: Added ca_creation_mode to allow CA certificate creation
+    without requiring existing CA paths.
+    Attributes:
+        enabled: Whether certificate management is enabled
+        ca_creation_mode: Whether we are in CA creation mode (bypasses CA path validation)
+        ca_cert_path: Path to CA certificate
+        ca_key_path: Path to CA private key
+        cert_storage_path: Path for certificate storage
+        key_storage_path: Path for private key storage
+        default_validity_days: Default certificate validity in days
+        key_size: RSA key size for generated certificates
+        hash_algorithm: Hash algorithm for certificate signing
+        crl_enabled: Whether CRL is enabled
+        crl_path: Path for CRL storage
+        crl_validity_days: CRL validity period in days
+        auto_renewal: Whether automatic certificate renewal is enabled
+        renewal_threshold_days: Days before expiry to renew
+    """
+    enabled: bool = Field(
+        default=False, description="Whether certificate management is enabled"
+    )
+    ca_creation_mode: bool = Field(
+        default=False, description="Whether we are in CA creation mode (bypasses CA path validation)"
+    )
+    ca_cert_path: Optional[str] = Field(
+        default=None, description="Path to CA certificate"
+    )
+    ca_key_path: Optional[str] = Field(
+        default=None, description="Path to CA private key"
+    )
+    cert_storage_path: str = Field(
+        default="./certs", description="Path for certificate storage"
+    )
+    key_storage_path: str = Field(
+        default="./keys", description="Path for private key storage"
+    )
+    default_validity_days: int = Field(
+        default=365, ge=1, le=3650, description="Default certificate validity in days"
+    )
+    key_size: int = Field(
+        default=2048,
+        ge=1024,
+        le=4096,
+        description="RSA key size for generated certificates",
+    )
+    hash_algorithm: str = Field(
+        default="sha256", description="Hash algorithm for certificate signing"
+    )
+    crl_enabled: bool = Field(default=False, description="Whether CRL is enabled")
+    crl_path: Optional[str] = Field(default=None, description="Path for CRL storage")
+    crl_validity_days: int = Field(
+        default=30, ge=1, le=365, description="CRL validity period in days"
+    )
+    auto_renewal: bool = Field(
+        default=False, description="Whether automatic certificate renewal is enabled"
+    )
+    renewal_threshold_days: int = Field(
+        default=30, ge=1, le=90, description="Days before expiry to renew"
+    )
+    @field_validator("hash_algorithm")
+    @classmethod
+    def validate_hash_algorithm(cls, v):
+        """Validate hash algorithm."""
+        valid_algorithms = ["sha1", "sha256", "sha384", "sha512"]
+        if v not in valid_algorithms:
+            raise ValueError(
+                f"Invalid hash algorithm. Must be one of: {valid_algorithms}"
+            )
+        return v
+    @model_validator(mode="after")
+    def validate_certificate_configuration(self):
+        """Validate certificate configuration consistency."""
+        if self.enabled:
+            # BUGFIX: Only require CA paths if not in CA creation mode
+            if not self.ca_creation_mode:
+                if not self.ca_cert_path or not self.ca_key_path:
+                    raise ValueError(
+                        "Certificate management enabled but CA certificate and key paths are required. "
+                        "Set ca_creation_mode=True if you are creating a CA certificate."
+                    )
+        if self.crl_enabled and not self.crl_path:
+            raise ValueError("CRL enabled but CRL path is required")
+        return self
+def create_patch_file():
+    """Create a patch file for the mcp_security_framework."""
+    patch_content = '''--- a/mcp_security_framework/schemas/config.py
++++ b/mcp_security_framework/schemas/config.py
+@@ -1,6 +1,7 @@
+ from typing import Optional
+ from pydantic import BaseModel, Field, field_validator, model_validator
++
+ class CertificateConfig(BaseModel):
+     """
+     Certificate Management Configuration Model
+@@ -8,6 +9,7 @@ class CertificateConfig(BaseModel):
+     This model defines certificate management configuration settings
+     including CA settings, certificate storage, and validation options.
++    BUGFIX: Added ca_creation_mode to allow CA certificate creation
+     Attributes:
+         enabled: Whether certificate management is enabled
+         ca_cert_path: Path to CA certificate
+@@ -20,6 +22,9 @@ class CertificateConfig(BaseModel):
+     enabled: bool = Field(
+         default=False, description="Whether certificate management is enabled"
+     )
++    ca_creation_mode: bool = Field(
++        default=False, description="Whether we are in CA creation mode (bypasses CA path validation)"
++    )
+     ca_cert_path: Optional[str] = Field(
+         default=None, description="Path to CA certificate"
+     )
+@@ -60,7 +65,9 @@ class CertificateConfig(BaseModel):
+     @model_validator(mode="after")
+     def validate_certificate_configuration(self):
+         """Validate certificate configuration consistency."""
+         if self.enabled:
+-            if not self.ca_cert_path or not self.ca_key_path:
+-                raise ValueError(
+-                    "Certificate management enabled but CA certificate and key paths are required"
+-                )
++            # BUGFIX: Only require CA paths if not in CA creation mode
++            if not self.ca_creation_mode:
++                if not self.ca_cert_path or not self.ca_key_path:
++                    raise ValueError(
++                        "Certificate management enabled but CA certificate and key paths are required. "
++                        "Set ca_creation_mode=True if you are creating a CA certificate."
++                    )
+         if self.crl_enabled and not self.crl_path:
+             raise ValueError("CRL enabled but CRL path is required")
+         return self
+'''
+    patch_file = Path("certificate_config_bugfix.patch")
+    with open(patch_file, 'w') as f:
+        f.write(patch_content)
+    print(f"✅ Patch file created: {patch_file}")
+    return patch_file
+def test_fixed_config():
+    """Test the fixed configuration."""
+    print("🧪 Testing Fixed CertificateConfig")
+    print("=" * 50)
+    # Test 1: CA creation mode should work without CA paths
+    print("Test 1: CA creation mode")
+    try:
+        config1 = FixedCertificateConfig(
+            enabled=True,
+            ca_creation_mode=True,
+            cert_storage_path="./certs",
+            key_storage_path="./keys"
+        )
+        print("✅ CA creation mode works correctly")
+    except Exception as e:
+        print(f"❌ CA creation mode failed: {e}")
+        return False
+    # Test 2: Normal mode should require CA paths
+    print("Test 2: Normal mode without CA paths")
+    try:
+        config2 = FixedCertificateConfig(
+            enabled=True,
+            ca_creation_mode=False,
+            cert_storage_path="./certs",
+            key_storage_path="./keys"
+        )
+        print("❌ Normal mode should have failed without CA paths")
+        return False
+    except ValueError as e:
+        print("✅ Normal mode correctly requires CA paths")
+    except Exception as e:
+        print(f"❌ Unexpected error: {e}")
+        return False
+    # Test 3: Normal mode with CA paths should work
+    print("Test 3: Normal mode with CA paths")
+    try:
+        config3 = FixedCertificateConfig(
+            enabled=True,
+            ca_creation_mode=False,
+            ca_cert_path="./certs/ca.crt",
+            ca_key_path="./keys/ca.key",
+            cert_storage_path="./certs",
+            key_storage_path="./keys"
+        )
+        print("✅ Normal mode with CA paths works correctly")
+    except Exception as e:
+        print(f"❌ Normal mode with CA paths failed: {e}")
+        return False
+    print("\n🎉 All tests passed!")
+    return True
+def main():
+    """Main entry point."""
+    print("🔧 mcp_security_framework CertificateConfig Bugfix")
+    print("=" * 60)
+    print()
+    print("ISSUE DESCRIPTION:")
+    print("CertificateConfig requires CA certificate and key paths even when")
+    print("creating a CA certificate. This creates a chicken-and-egg problem.")
+    print()
+    print("SOLUTION:")
+    print("Add ca_creation_mode field to bypass CA path validation when")
+    print("creating a CA certificate.")
+    print()
+    # Test the fix
+    if test_fixed_config():
+        # Create patch file
+        patch_file = create_patch_file()
+        print(f"\n📁 To apply this fix to mcp_security_framework:")
+        print(f"   1. Copy the patch file to the framework directory")
+        print(f"   2. Run: patch -p1 < {patch_file}")
+        print(f"   3. Or manually apply the changes shown in the patch")
+        print()
+        print("🔧 USAGE EXAMPLE:")
+        print("   # For CA creation:")
+        print("   config = CertificateConfig(")
+        print("       enabled=True,")
+        print("       ca_creation_mode=True,  # <-- This is the fix")
+        print("       cert_storage_path='./certs',")
+        print("       key_storage_path='./keys'")
+        print("   )")
+        print()
+        print("   # For normal certificate creation:")
+        print("   config = CertificateConfig(")
+        print("       enabled=True,")
+        print("       ca_creation_mode=False,")
+        print("       ca_cert_path='./certs/ca.crt',")
+        print("       ca_key_path='./keys/ca.key'")
+        print("   )")
+    else:
+        print("❌ Tests failed!")
+        return 1
+    return 0
+if __name__ == "__main__":
+    sys.exit(main())

mcp_proxy_adapter/examples/cert_manager_bugfix.py ADDED Viewed

@@ -0,0 +1,203 @@
+#!/usr/bin/env python3
+"""
+Bugfix for mcp_security_framework CertificateManager
+This script provides a fix for the CertificateManager validation issue.
+ISSUE: CertificateManager._validate_configuration() doesn't check ca_creation_mode
+and always requires CA certificate and key paths, even when creating a CA.
+SOLUTION: Modify the validation logic to skip CA path validation in CA creation mode.
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+"""
+import sys
+from pathlib import Path
+def create_cert_manager_patch():
+    """Create a patch file for the CertificateManager."""
+    patch_content = '''--- a/mcp_security_framework/core/cert_manager.py
++++ b/mcp_security_framework/core/cert_manager.py
+@@ -1,6 +1,7 @@
+ import logging
+ import os
+ from typing import Dict, List, Optional, Union
++from pathlib import Path
+ from cryptography import x509
+ from cryptography.hazmat.primitives import hashes, serialization
+@@ -50,6 +51,7 @@ class CertificateManager:
+         """
+         self.config = config
+         self.logger = logging.getLogger(__name__)
++        self._certificate_cache: Dict[str, CertificateInfo] = {}
++        self._crl_cache: Dict[str, x509.CertificateRevocationList] = {}
+         # Validate configuration
+         self._validate_configuration()
+@@ -70,7 +72,7 @@ class CertificateManager:
+     def _validate_configuration(self) -> None:
+         """Validate certificate configuration."""
+         # Skip validation if certificate management is disabled
+-        if not self.config.enabled:
++        if not self.config.enabled:
+             return
+-        if not self.config.ca_cert_path:
+-            raise CertificateConfigurationError("CA certificate path is required")
+-
+-        if not self.config.ca_key_path:
+-            raise CertificateConfigurationError("CA private key path is required")
+-
+-        if not os.path.exists(self.config.ca_cert_path):
+-            raise CertificateConfigurationError(
+-                f"CA certificate file not found: {self.config.ca_cert_path}"
+-            )
+-
+-        if not os.path.exists(self.config.ca_key_path):
+-            raise CertificateConfigurationError(
+-                f"CA private key file not found: {self.config.ca_key_path}"
+-            )
++        # BUGFIX: Skip CA path validation if in CA creation mode
++        if self.config.ca_creation_mode:
++            self.logger.info("CA creation mode enabled, skipping CA path validation")
++            return
++
++        if not self.config.ca_cert_path:
++            raise CertificateConfigurationError("CA certificate path is required")
++
++        if not self.config.ca_key_path:
++            raise CertificateConfigurationError("CA private key path is required")
++
++        if not os.path.exists(self.config.ca_cert_path):
++            raise CertificateConfigurationError(
++                f"CA certificate file not found: {self.config.ca_cert_path}"
++            )
++
++        if not os.path.exists(self.config.ca_key_path):
++            raise CertificateConfigurationError(
++                f"CA private key file not found: {self.config.ca_key_path}"
++            )
+'''
+    patch_file = Path("cert_manager_bugfix.patch")
+    with open(patch_file, 'w') as f:
+        f.write(patch_content)
+    print(f"✅ CertificateManager patch file created: {patch_file}")
+    return patch_file
+def test_fixed_cert_manager():
+    """Test the fixed CertificateManager."""
+    print("🧪 Testing Fixed CertificateManager")
+    print("=" * 50)
+    # Create a mock fixed CertificateManager class
+    class FixedCertificateManager:
+        def __init__(self, config):
+            self.config = config
+            self.logger = type('Logger', (), {'info': lambda self, msg, **kwargs: print(f"INFO: {msg}")})()
+            self._validate_configuration()
+        def _validate_configuration(self):
+            """Fixed validation logic."""
+            if not self.config.enabled:
+                return
+            # BUGFIX: Skip CA path validation if in CA creation mode
+            if self.config.ca_creation_mode:
+                self.logger.info("CA creation mode enabled, skipping CA path validation")
+                return
+            if not self.config.ca_cert_path:
+                raise ValueError("CA certificate path is required")
+            if not self.config.ca_key_path:
+                raise ValueError("CA private key path is required")
+    # Test 1: CA creation mode should work without CA paths
+    print("Test 1: CA creation mode")
+    try:
+        from mcp_security_framework.schemas.config import CertificateConfig
+        config1 = CertificateConfig(
+            enabled=True,
+            ca_creation_mode=True,
+            cert_storage_path="./certs",
+            key_storage_path="./keys"
+        )
+        manager1 = FixedCertificateManager(config1)
+        print("✅ CA creation mode works correctly")
+    except Exception as e:
+        print(f"❌ CA creation mode failed: {e}")
+        return False
+    # Test 2: Normal mode should require CA paths
+    print("Test 2: Normal mode without CA paths")
+    try:
+        config2 = CertificateConfig(
+            enabled=True,
+            ca_creation_mode=False,
+            cert_storage_path="./certs",
+            key_storage_path="./keys"
+        )
+        manager2 = FixedCertificateManager(config2)
+        print("❌ Normal mode should have failed without CA paths")
+        return False
+    except ValueError as e:
+        print("✅ Normal mode correctly requires CA paths")
+    except Exception as e:
+        print(f"❌ Unexpected error: {e}")
+        return False
+    print("\n🎉 All tests passed!")
+    return True
+def main():
+    """Main entry point."""
+    print("🔧 mcp_security_framework CertificateManager Bugfix")
+    print("=" * 60)
+    print()
+    print("ISSUE DESCRIPTION:")
+    print("CertificateManager._validate_configuration() doesn't check ca_creation_mode")
+    print("and always requires CA certificate and key paths, even when creating a CA.")
+    print()
+    print("SOLUTION:")
+    print("Modify _validate_configuration() to skip CA path validation when")
+    print("ca_creation_mode=True.")
+    print()
+    # Test the fix
+    if test_fixed_cert_manager():
+        # Create patch file
+        patch_file = create_cert_manager_patch()
+        print(f"\n📁 To apply this fix to mcp_security_framework:")
+        print(f"   1. Copy the patch file to the framework directory")
+        print(f"   2. Run: patch -p1 < {patch_file}")
+        print(f"   3. Or manually apply the changes shown in the patch")
+        print()
+        print("🔧 USAGE EXAMPLE:")
+        print("   # For CA creation:")
+        print("   config = CertificateConfig(")
+        print("       enabled=True,")
+        print("       ca_creation_mode=True,  # <-- This bypasses CA path validation")
+        print("       cert_storage_path='./certs',")
+        print("       key_storage_path='./keys'")
+        print("   )")
+        print("   manager = CertificateManager(config)  # <-- This will now work")
+    else:
+        print("❌ Tests failed!")
+        return 1
+    return 0
+if __name__ == "__main__":
+    sys.exit(main())

mcp-proxy-adapter 6.4.43__py3-none-any.whl → 6.4.45__py3-none-any.whl

mcp-proxy-adapter 6.4.43py3-none-any.whl → 6.4.45py3-none-any.whl