mcp-proxy-adapter 6.4.44__tar.gz → 6.4.45__tar.gz

{mcp_proxy_adapter-6.4.44 → mcp_proxy_adapter-6.4.45}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mcp-proxy-adapter
-Version: 6.4.44
+Version: 6.4.45
 Summary: Powerful JSON-RPC microservices framework with built-in security, authentication, and proxy registration
 Home-page: https://github.com/maverikod/mcp-proxy-adapter
 Author: Vasiliy Zdanovskiy
@@ -138,6 +138,86 @@ The `mcp_proxy_adapter/examples/` directory contains comprehensive examples for
 - **Security Testing**: Comprehensive security test suite
 - **Certificate Generation**: SSL/TLS certificate management
 
+### Test Environment Setup
+
+The framework includes a comprehensive test environment setup that automatically creates configurations, generates certificates, and runs tests:
+
+```bash
+# Create a complete test environment with all configurations and certificates
+python -m mcp_proxy_adapter.examples.setup_test_environment
+
+# Create test environment in a specific directory
+python -m mcp_proxy_adapter.examples.setup_test_environment /path/to/test/dir
+
+# Skip certificate generation (use existing certificates)
+python -m mcp_proxy_adapter.examples.setup_test_environment --skip-certs
+
+# Skip running tests (setup only)
+python -m mcp_proxy_adapter.examples.setup_test_environment --skip-tests
+```
+
+### Configuration Generation
+
+Generate test configurations from a comprehensive template:
+
+```bash
+# Generate all test configurations
+python -m mcp_proxy_adapter.examples.create_test_configs
+
+# Generate from specific comprehensive config
+python -m mcp_proxy_adapter.examples.create_test_configs --comprehensive-config config.json
+
+# Generate specific configuration types
+python -m mcp_proxy_adapter.examples.create_test_configs --types http,https,mtls
+```
+
+### Certificate Generation
+
+Generate SSL/TLS certificates for testing:
+
+```bash
+# Generate all certificates using mcp_security_framework
+python -m mcp_proxy_adapter.examples.generate_all_certificates
+
+# Generate certificates with custom configuration
+python -m mcp_proxy_adapter.examples.generate_certificates_framework --config cert_config.json
+```
+
+### Security Testing
+
+Run comprehensive security tests:
+
+```bash
+# Run all security tests
+python -m mcp_proxy_adapter.examples.run_security_tests_fixed
+
+# Run full test suite (includes setup, config generation, certificate generation, and testing)
+python -m mcp_proxy_adapter.examples.run_full_test_suite
+```
+
+### Complete Workflow Example
+
+```bash
+# 1. Install the package
+pip install mcp-proxy-adapter
+
+# 2. Create test environment (automatically runs tests)
+python -m mcp_proxy_adapter.examples.setup_test_environment
+
+# 3. Or run individual steps:
+# Generate certificates
+python -m mcp_proxy_adapter.examples.generate_all_certificates
+
+# Generate configurations
+python -m mcp_proxy_adapter.examples.create_test_configs
+
+# Run security tests
+python -m mcp_proxy_adapter.examples.run_security_tests_fixed
+
+# 4. Start server with generated configuration
+python -m mcp_proxy_adapter --config configs/http_simple.json
+```
+
 ## Development
 
 The project follows a modular architecture:

{mcp_proxy_adapter-6.4.44 → mcp_proxy_adapter-6.4.45}/README.md

@@ -79,6 +79,86 @@ The `mcp_proxy_adapter/examples/` directory contains comprehensive examples for
 - **Security Testing**: Comprehensive security test suite
 - **Certificate Generation**: SSL/TLS certificate management
 
+### Test Environment Setup
+
+The framework includes a comprehensive test environment setup that automatically creates configurations, generates certificates, and runs tests:
+
+```bash
+# Create a complete test environment with all configurations and certificates
+python -m mcp_proxy_adapter.examples.setup_test_environment
+
+# Create test environment in a specific directory
+python -m mcp_proxy_adapter.examples.setup_test_environment /path/to/test/dir
+
+# Skip certificate generation (use existing certificates)
+python -m mcp_proxy_adapter.examples.setup_test_environment --skip-certs
+
+# Skip running tests (setup only)
+python -m mcp_proxy_adapter.examples.setup_test_environment --skip-tests
+```
+
+### Configuration Generation
+
+Generate test configurations from a comprehensive template:
+
+```bash
+# Generate all test configurations
+python -m mcp_proxy_adapter.examples.create_test_configs
+
+# Generate from specific comprehensive config
+python -m mcp_proxy_adapter.examples.create_test_configs --comprehensive-config config.json
+
+# Generate specific configuration types
+python -m mcp_proxy_adapter.examples.create_test_configs --types http,https,mtls
+```
+
+### Certificate Generation
+
+Generate SSL/TLS certificates for testing:
+
+```bash
+# Generate all certificates using mcp_security_framework
+python -m mcp_proxy_adapter.examples.generate_all_certificates
+
+# Generate certificates with custom configuration
+python -m mcp_proxy_adapter.examples.generate_certificates_framework --config cert_config.json
+```
+
+### Security Testing
+
+Run comprehensive security tests:
+
+```bash
+# Run all security tests
+python -m mcp_proxy_adapter.examples.run_security_tests_fixed
+
+# Run full test suite (includes setup, config generation, certificate generation, and testing)
+python -m mcp_proxy_adapter.examples.run_full_test_suite
+```
+
+### Complete Workflow Example
+
+```bash
+# 1. Install the package
+pip install mcp-proxy-adapter
+
+# 2. Create test environment (automatically runs tests)
+python -m mcp_proxy_adapter.examples.setup_test_environment
+
+# 3. Or run individual steps:
+# Generate certificates
+python -m mcp_proxy_adapter.examples.generate_all_certificates
+
+# Generate configurations
+python -m mcp_proxy_adapter.examples.create_test_configs
+
+# Run security tests
+python -m mcp_proxy_adapter.examples.run_security_tests_fixed
+
+# 4. Start server with generated configuration
+python -m mcp_proxy_adapter --config configs/http_simple.json
+```
+
 ## Development
 
 The project follows a modular architecture:

{mcp_proxy_adapter-6.4.44 → mcp_proxy_adapter-6.4.45}/mcp_proxy_adapter/core/proxy_registration.py

@@ -68,84 +68,116 @@ class ProxyRegistrationManager:
         except Exception:
             pass
 
-        # Basic registration settings
-        self.proxy_url = self.registration_config.get("proxy_url")
-        if not self.proxy_url:
-            raise ValueError(
-                "proxy_url is required in registration configuration. "
-                "Please specify a valid proxy URL in your configuration."
-            )
-        self.server_id = self.registration_config.get("server_id")
-        if not self.server_id:
-            # Try to get from proxy_info.name as fallback
-            self.server_id = self.registration_config.get("proxy_info", {}).get("name")
-            if not self.server_id:
+        # Check if registration is enabled
+        self.enabled = self.registration_config.get("enabled", False)
+        
+        # Basic registration settings - only validate if enabled
+        if self.enabled:
+            self.proxy_url = self.registration_config.get("proxy_url")
+            if not self.proxy_url:
                 raise ValueError(
-                    "server_id is required in registration configuration. "
-                    "Please specify a server_id or proxy_info.name in your configuration."
+                    "proxy_url is required in registration configuration. "
+                    "Please specify a valid proxy URL in your configuration."
                 )
-        self.server_name = self.registration_config.get("server_name")
-        if not self.server_name:
-            # Try to get from proxy_info.name as fallback
-            self.server_name = self.registration_config.get("proxy_info", {}).get("name")
+        else:
+            self.proxy_url = None
+            
+        if self.enabled:
+            self.server_id = self.registration_config.get("server_id")
+            if not self.server_id:
+                # Try to get from proxy_info.name as fallback
+                self.server_id = self.registration_config.get("proxy_info", {}).get("name")
+                if not self.server_id:
+                    raise ValueError(
+                        "server_id is required in registration configuration. "
+                        "Please specify a server_id or proxy_info.name in your configuration."
+                    )
+            self.server_name = self.registration_config.get("server_name")
             if not self.server_name:
+                # Try to get from proxy_info.name as fallback
+                self.server_name = self.registration_config.get("proxy_info", {}).get("name")
+                if not self.server_name:
+                    raise ValueError(
+                        "server_name is required in registration configuration. "
+                        "Please specify a server_name or proxy_info.name in your configuration."
+                    )
+            self.description = self.registration_config.get("description")
+            if not self.description:
+                # Try to get from proxy_info.description as fallback
+                self.description = self.registration_config.get("proxy_info", {}).get("description")
+                if not self.description:
+                    raise ValueError(
+                        "description is required in registration configuration. "
+                        "Please specify a description or proxy_info.description in your configuration."
+                    )
+        else:
+            self.server_id = None
+            self.server_name = None
+            self.description = None
+            
+        if self.enabled:
+            self.version = self.registration_config.get("version")
+            if not self.version:
+                # Try to get from proxy_info.version as fallback
+                self.version = self.registration_config.get("proxy_info", {}).get("version")
+                if not self.version:
+                    raise ValueError(
+                        "version is required in registration configuration. "
+                        "Please specify a version or proxy_info.version in your configuration."
+                    )
+        else:
+            self.version = None
+
+        # Heartbeat settings - only validate if enabled
+        if self.enabled:
+            heartbeat_config = self.registration_config.get("heartbeat", {})
+            self.timeout = heartbeat_config.get("timeout")
+            if self.timeout is None:
                 raise ValueError(
-                    "server_name is required in registration configuration. "
-                    "Please specify a server_name or proxy_info.name in your configuration."
+                    "heartbeat.timeout is required in registration configuration. "
+                    "Please specify a timeout value."
                 )
-        self.description = self.registration_config.get("description")
-        if not self.description:
-            # Try to get from proxy_info.description as fallback
-            self.description = self.registration_config.get("proxy_info", {}).get("description")
-            if not self.description:
+            self.retry_attempts = heartbeat_config.get("retry_attempts")
+            if self.retry_attempts is None:
                 raise ValueError(
-                    "description is required in registration configuration. "
-                    "Please specify a description or proxy_info.description in your configuration."
+                    "heartbeat.retry_attempts is required in registration configuration. "
+                    "Please specify a retry_attempts value."
                 )
-        self.version = self.registration_config.get("version")
-        if not self.version:
-            # Try to get from proxy_info.version as fallback
-            self.version = self.registration_config.get("proxy_info", {}).get("version")
-            if not self.version:
+        else:
+            self.timeout = None
+            self.retry_attempts = None
+            
+        if self.enabled:
+            self.retry_delay = heartbeat_config.get("retry_delay")
+            if self.retry_delay is None:
                 raise ValueError(
-                    "version is required in registration configuration. "
-                    "Please specify a version or proxy_info.version in your configuration."
+                    "heartbeat.retry_delay is required in registration configuration. "
+                    "Please specify a retry_delay value."
                 )
-
-        # Heartbeat settings
-        heartbeat_config = self.registration_config.get("heartbeat", {})
-        self.timeout = heartbeat_config.get("timeout")
-        if self.timeout is None:
-            raise ValueError(
-                "heartbeat.timeout is required in registration configuration. "
-                "Please specify a timeout value."
-            )
-        self.retry_attempts = heartbeat_config.get("retry_attempts")
-        if self.retry_attempts is None:
-            raise ValueError(
-                "heartbeat.retry_attempts is required in registration configuration. "
-                "Please specify a retry_attempts value."
-            )
-        self.retry_delay = heartbeat_config.get("retry_delay")
-        if self.retry_delay is None:
-            raise ValueError(
-                "heartbeat.retry_delay is required in registration configuration. "
-                "Please specify a retry_delay value."
-            )
-        self.heartbeat_interval = heartbeat_config.get("interval")
-        if self.heartbeat_interval is None:
-            raise ValueError(
-                "heartbeat.interval is required in registration configuration. "
-                "Please specify an interval value."
-            )
+        else:
+            self.retry_delay = None
+            
+        if self.enabled:
+            self.heartbeat_interval = heartbeat_config.get("interval")
+            if self.heartbeat_interval is None:
+                raise ValueError(
+                    "heartbeat.interval is required in registration configuration. "
+                    "Please specify an interval value."
+                )
+        else:
+            self.heartbeat_interval = None
 
         # Auto registration settings
-        self.auto_register = self.registration_config.get("enabled")
-        if self.auto_register is None:
-            raise ValueError(
-                "enabled is required in registration configuration. "
-                "Please specify whether registration is enabled (true/false)."
-            )
+        if self.enabled:
+            self.auto_register = self.registration_config.get("enabled")
+            if self.auto_register is None:
+                raise ValueError(
+                    "enabled is required in registration configuration. "
+                    "Please specify whether registration is enabled (true/false)."
+                )
+        else:
+            self.auto_register = False
+            
         self.auto_unregister = True  # Always unregister on shutdown
 
         # Initialize client security manager
@@ -168,7 +200,7 @@ class ProxyRegistrationManager:
         Returns:
             True if registration is enabled, False otherwise.
         """
-        return self.registration_config.get("enabled", False)
+        return self.enabled
 
     def set_server_url(self, server_url: str) -> None:
         """

mcp_proxy_adapter-6.4.45/mcp_proxy_adapter/examples/bugfix_certificate_config.py

@@ -0,0 +1,284 @@
+#!/usr/bin/env python3
+"""
+Bugfix for mcp_security_framework CertificateConfig
+This script provides a fix for the CertificateConfig validation issue.
+
+ISSUE: CertificateConfig requires CA certificate and key paths even when creating a CA certificate.
+This creates a chicken-and-egg problem where you need a CA to create a CA.
+
+SOLUTION: Modify the validation logic to allow CA creation mode.
+
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+"""
+
+import sys
+from pathlib import Path
+from typing import Optional
+from pydantic import BaseModel, Field, field_validator, model_validator
+
+
+class FixedCertificateConfig(BaseModel):
+    """
+    Fixed Certificate Management Configuration Model
+
+    This model defines certificate management configuration settings
+    including CA settings, certificate storage, and validation options.
+
+    BUGFIX: Added ca_creation_mode to allow CA certificate creation
+    without requiring existing CA paths.
+
+    Attributes:
+        enabled: Whether certificate management is enabled
+        ca_creation_mode: Whether we are in CA creation mode (bypasses CA path validation)
+        ca_cert_path: Path to CA certificate
+        ca_key_path: Path to CA private key
+        cert_storage_path: Path for certificate storage
+        key_storage_path: Path for private key storage
+        default_validity_days: Default certificate validity in days
+        key_size: RSA key size for generated certificates
+        hash_algorithm: Hash algorithm for certificate signing
+        crl_enabled: Whether CRL is enabled
+        crl_path: Path for CRL storage
+        crl_validity_days: CRL validity period in days
+        auto_renewal: Whether automatic certificate renewal is enabled
+        renewal_threshold_days: Days before expiry to renew
+    """
+
+    enabled: bool = Field(
+        default=False, description="Whether certificate management is enabled"
+    )
+    ca_creation_mode: bool = Field(
+        default=False, description="Whether we are in CA creation mode (bypasses CA path validation)"
+    )
+    ca_cert_path: Optional[str] = Field(
+        default=None, description="Path to CA certificate"
+    )
+    ca_key_path: Optional[str] = Field(
+        default=None, description="Path to CA private key"
+    )
+    cert_storage_path: str = Field(
+        default="./certs", description="Path for certificate storage"
+    )
+    key_storage_path: str = Field(
+        default="./keys", description="Path for private key storage"
+    )
+    default_validity_days: int = Field(
+        default=365, ge=1, le=3650, description="Default certificate validity in days"
+    )
+    key_size: int = Field(
+        default=2048,
+        ge=1024,
+        le=4096,
+        description="RSA key size for generated certificates",
+    )
+    hash_algorithm: str = Field(
+        default="sha256", description="Hash algorithm for certificate signing"
+    )
+    crl_enabled: bool = Field(default=False, description="Whether CRL is enabled")
+    crl_path: Optional[str] = Field(default=None, description="Path for CRL storage")
+    crl_validity_days: int = Field(
+        default=30, ge=1, le=365, description="CRL validity period in days"
+    )
+    auto_renewal: bool = Field(
+        default=False, description="Whether automatic certificate renewal is enabled"
+    )
+    renewal_threshold_days: int = Field(
+        default=30, ge=1, le=90, description="Days before expiry to renew"
+    )
+
+    @field_validator("hash_algorithm")
+    @classmethod
+    def validate_hash_algorithm(cls, v):
+        """Validate hash algorithm."""
+        valid_algorithms = ["sha1", "sha256", "sha384", "sha512"]
+        if v not in valid_algorithms:
+            raise ValueError(
+                f"Invalid hash algorithm. Must be one of: {valid_algorithms}"
+            )
+        return v
+
+    @model_validator(mode="after")
+    def validate_certificate_configuration(self):
+        """Validate certificate configuration consistency."""
+        if self.enabled:
+            # BUGFIX: Only require CA paths if not in CA creation mode
+            if not self.ca_creation_mode:
+                if not self.ca_cert_path or not self.ca_key_path:
+                    raise ValueError(
+                        "Certificate management enabled but CA certificate and key paths are required. "
+                        "Set ca_creation_mode=True if you are creating a CA certificate."
+                    )
+
+        if self.crl_enabled and not self.crl_path:
+            raise ValueError("CRL enabled but CRL path is required")
+
+        return self
+
+
+def create_patch_file():
+    """Create a patch file for the mcp_security_framework."""
+    
+    patch_content = '''--- a/mcp_security_framework/schemas/config.py
++++ b/mcp_security_framework/schemas/config.py
+@@ -1,6 +1,7 @@
+ from typing import Optional
+ from pydantic import BaseModel, Field, field_validator, model_validator
+ 
++
+ class CertificateConfig(BaseModel):
+     """
+     Certificate Management Configuration Model
+@@ -8,6 +9,7 @@ class CertificateConfig(BaseModel):
+     This model defines certificate management configuration settings
+     including CA settings, certificate storage, and validation options.
+ 
++    BUGFIX: Added ca_creation_mode to allow CA certificate creation
+     Attributes:
+         enabled: Whether certificate management is enabled
+         ca_cert_path: Path to CA certificate
+@@ -20,6 +22,9 @@ class CertificateConfig(BaseModel):
+     enabled: bool = Field(
+         default=False, description="Whether certificate management is enabled"
+     )
++    ca_creation_mode: bool = Field(
++        default=False, description="Whether we are in CA creation mode (bypasses CA path validation)"
++    )
+     ca_cert_path: Optional[str] = Field(
+         default=None, description="Path to CA certificate"
+     )
+@@ -60,7 +65,9 @@ class CertificateConfig(BaseModel):
+     @model_validator(mode="after")
+     def validate_certificate_configuration(self):
+         """Validate certificate configuration consistency."""
+         if self.enabled:
+-            if not self.ca_cert_path or not self.ca_key_path:
+-                raise ValueError(
+-                    "Certificate management enabled but CA certificate and key paths are required"
+-                )
++            # BUGFIX: Only require CA paths if not in CA creation mode
++            if not self.ca_creation_mode:
++                if not self.ca_cert_path or not self.ca_key_path:
++                    raise ValueError(
++                        "Certificate management enabled but CA certificate and key paths are required. "
++                        "Set ca_creation_mode=True if you are creating a CA certificate."
++                    )
+ 
+         if self.crl_enabled and not self.crl_path:
+             raise ValueError("CRL enabled but CRL path is required")
+ 
+         return self
+'''
+    
+    patch_file = Path("certificate_config_bugfix.patch")
+    with open(patch_file, 'w') as f:
+        f.write(patch_content)
+    
+    print(f"✅ Patch file created: {patch_file}")
+    return patch_file
+
+
+def test_fixed_config():
+    """Test the fixed configuration."""
+    print("🧪 Testing Fixed CertificateConfig")
+    print("=" * 50)
+    
+    # Test 1: CA creation mode should work without CA paths
+    print("Test 1: CA creation mode")
+    try:
+        config1 = FixedCertificateConfig(
+            enabled=True,
+            ca_creation_mode=True,
+            cert_storage_path="./certs",
+            key_storage_path="./keys"
+        )
+        print("✅ CA creation mode works correctly")
+    except Exception as e:
+        print(f"❌ CA creation mode failed: {e}")
+        return False
+    
+    # Test 2: Normal mode should require CA paths
+    print("Test 2: Normal mode without CA paths")
+    try:
+        config2 = FixedCertificateConfig(
+            enabled=True,
+            ca_creation_mode=False,
+            cert_storage_path="./certs",
+            key_storage_path="./keys"
+        )
+        print("❌ Normal mode should have failed without CA paths")
+        return False
+    except ValueError as e:
+        print("✅ Normal mode correctly requires CA paths")
+    except Exception as e:
+        print(f"❌ Unexpected error: {e}")
+        return False
+    
+    # Test 3: Normal mode with CA paths should work
+    print("Test 3: Normal mode with CA paths")
+    try:
+        config3 = FixedCertificateConfig(
+            enabled=True,
+            ca_creation_mode=False,
+            ca_cert_path="./certs/ca.crt",
+            ca_key_path="./keys/ca.key",
+            cert_storage_path="./certs",
+            key_storage_path="./keys"
+        )
+        print("✅ Normal mode with CA paths works correctly")
+    except Exception as e:
+        print(f"❌ Normal mode with CA paths failed: {e}")
+        return False
+    
+    print("\n🎉 All tests passed!")
+    return True
+
+
+def main():
+    """Main entry point."""
+    print("🔧 mcp_security_framework CertificateConfig Bugfix")
+    print("=" * 60)
+    print()
+    print("ISSUE DESCRIPTION:")
+    print("CertificateConfig requires CA certificate and key paths even when")
+    print("creating a CA certificate. This creates a chicken-and-egg problem.")
+    print()
+    print("SOLUTION:")
+    print("Add ca_creation_mode field to bypass CA path validation when")
+    print("creating a CA certificate.")
+    print()
+    
+    # Test the fix
+    if test_fixed_config():
+        # Create patch file
+        patch_file = create_patch_file()
+        print(f"\n📁 To apply this fix to mcp_security_framework:")
+        print(f"   1. Copy the patch file to the framework directory")
+        print(f"   2. Run: patch -p1 < {patch_file}")
+        print(f"   3. Or manually apply the changes shown in the patch")
+        print()
+        print("🔧 USAGE EXAMPLE:")
+        print("   # For CA creation:")
+        print("   config = CertificateConfig(")
+        print("       enabled=True,")
+        print("       ca_creation_mode=True,  # <-- This is the fix")
+        print("       cert_storage_path='./certs',")
+        print("       key_storage_path='./keys'")
+        print("   )")
+        print()
+        print("   # For normal certificate creation:")
+        print("   config = CertificateConfig(")
+        print("       enabled=True,")
+        print("       ca_creation_mode=False,")
+        print("       ca_cert_path='./certs/ca.crt',")
+        print("       ca_key_path='./keys/ca.key'")
+        print("   )")
+    else:
+        print("❌ Tests failed!")
+        return 1
+    
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main())