mcp-proxy-adapter 6.9.43__py3-none-any.whl

mcp_proxy_adapter/core/mtls_server.py

@@ -0,0 +1,154 @@
+#!/usr/bin/env python3
+"""
+mTLS Server implementation using built-in http.server.
+
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+"""
+
+import threading
+import ssl
+import json
+import logging
+from http.server import HTTPServer, BaseHTTPRequestHandler
+from typing import Optional, Dict, Any
+import os
+
+logger = logging.getLogger(__name__)
+
+
+class mTLSHandler(BaseHTTPRequestHandler):
+    """Handler for mTLS connections."""
+
+    def __init__(self, *args, main_app=None, **kwargs):
+        self.main_app = main_app
+        super().__init__(*args, **kwargs)
+
+
+
+
+    def _forward_to_main_app(
+        self,
+        method: str,
+        path: str,
+        client_cert: Optional[Dict],
+        post_data: Optional[bytes] = None,
+    ) -> Dict[str, Any]:
+        """Forward request to main FastAPI application."""
+        try:
+            # This is a simplified forwarding - in real implementation
+            # you would use httpx or similar to make internal HTTP calls
+            # to the main FastAPI app running on different port
+
+            return {
+                "status": "ok",
+                "message": f"mTLS {method} forwarded to main app",
+                "client_cert": client_cert,
+                "path": path,
+                "forwarded": True,
+            }
+        except Exception as e:
+            get_global_logger().error(f"Error forwarding to main app: {e}")
+            return {
+                "status": "error",
+                "message": f"Forwarding failed: {e}",
+                "client_cert": client_cert,
+                "path": path,
+            }
+
+
+class mTLSServer:
+    """mTLS Server using built-in http.server."""
+
+    def __init__(
+        self,
+        host: str = "127.0.0.1",
+        port: int = 8443,
+        cert_file: str = None,
+        key_file: str = None,
+        ca_cert_file: str = None,
+        main_app=None,
+    ):
+        """
+        Initialize mTLS server.
+
+        Args:
+            host: Server host
+            port: Server port
+            cert_file: Server certificate file
+            key_file: Server private key file
+            ca_cert_file: CA certificate file for client verification
+            main_app: Main FastAPI application for forwarding requests
+        """
+        self.host = host
+        self.port = port
+        self.cert_file = cert_file
+        self.key_file = key_file
+        self.ca_cert_file = ca_cert_file
+        self.main_app = main_app
+
+        self.server: Optional[HTTPServer] = None
+        self.server_thread: Optional[threading.Thread] = None
+        self.running = False
+
+        get_global_logger().info(f"mTLS Server initialized: {host}:{port}")
+
+    def _create_handler(self):
+        """Create handler with main app reference."""
+
+
+        return handler
+
+    def start(self) -> bool:
+        """Start mTLS server in separate thread."""
+        try:
+            # Check if certificate files exist
+            if not os.path.exists(self.cert_file):
+                get_global_logger().error(f"Certificate file not found: {self.cert_file}")
+                return False
+
+            if not os.path.exists(self.key_file):
+                get_global_logger().error(f"Key file not found: {self.key_file}")
+                return False
+
+            if not os.path.exists(self.ca_cert_file):
+                get_global_logger().error(
+                    f"CA certificate file not found: {self.ca_cert_file}"
+                )
+                return False
+
+            # Create server
+            handler_class = self._create_handler()
+            self.server = HTTPServer((self.host, self.port), handler_class)
+
+            # Configure SSL context
+            context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+            context.load_cert_chain(self.cert_file, self.key_file)
+            context.load_verify_locations(self.ca_cert_file)
+            context.verify_mode = ssl.CERT_REQUIRED
+
+            # Wrap socket with SSL
+            self.server.socket = context.wrap_socket(
+                self.server.socket, server_side=True
+            )
+
+            # Start server in separate thread
+            self.server_thread = threading.Thread(
+                target=self._run_server, daemon=True
+            )
+            self.server_thread.start()
+
+            self.running = True
+            get_global_logger().info(
+                f"✅ mTLS Server started on https://{self.host}:{self.port}"
+            )
+            return True
+
+        except Exception as e:
+            get_global_logger().error(f"Failed to start mTLS server: {e}")
+            return False
+
+
+
+
+

mcp_proxy_adapter/core/protocol_manager.py

@@ -0,0 +1,232 @@
+"""
+Protocol management module for MCP Proxy Adapter.
+
+This module provides functionality for managing and validating protocol configurations,
+including HTTP, HTTPS, and MTLS protocols with their respective ports.
+"""
+
+import ssl
+from urllib.parse import urlparse
+from typing import Dict, List, Any, Optional
+
+from mcp_proxy_adapter.config import config
+from mcp_proxy_adapter.core.logging import get_global_logger
+
+
+class ProtocolManager:
+    """
+    Manages protocol configurations and validates protocol access.
+
+    This class handles the validation of allowed protocols and their associated ports,
+    ensuring that only configured protocols are accessible.
+    """
+
+    def __init__(self, app_config: Optional[Dict] = None):
+        """
+        Initialize the protocol manager.
+
+        Args:
+            app_config: Application configuration dictionary (optional)
+        """
+        self.app_config = app_config
+        self._load_config()
+
+    def _load_config(self):
+        """Load protocol configuration from config."""
+        # Use provided config or fallback to global config; normalize types
+        current_config = (
+            self.app_config if self.app_config is not None else config.get_all()
+        )
+        get_global_logger().debug(
+            f"ProtocolManager._load_config - current_config type: {type(current_config)}"
+        )
+
+        if not hasattr(current_config, "get"):
+            # Not a dict-like config, fallback to global
+            get_global_logger().debug(
+                f"ProtocolManager._load_config - current_config is not dict-like, falling back to global config"
+            )
+            current_config = config.get_all()
+
+        get_global_logger().debug(
+            f"ProtocolManager._load_config - final current_config type: {type(current_config)}"
+        )
+        if hasattr(current_config, "get"):
+            get_global_logger().debug(
+                f"ProtocolManager._load_config - current_config keys: {list(current_config.keys()) if hasattr(current_config, 'keys') else 'no keys'}"
+            )
+
+        # Get server protocol configuration (new simplified structure)
+        get_global_logger().debug(f"ProtocolManager._load_config - before getting server protocol")
+        try:
+            server_config = current_config.get("server", {})
+            server_protocol = server_config.get("protocol", "http")
+            get_global_logger().debug(f"ProtocolManager._load_config - server protocol: {server_protocol}")
+            
+            # Set allowed protocols based on server protocol
+            if server_protocol == "http":
+                self.allowed_protocols = ["http"]
+            elif server_protocol == "https":
+                self.allowed_protocols = ["https"]
+            elif server_protocol == "mtls":
+                self.allowed_protocols = ["mtls", "https"]  # mTLS also supports HTTPS
+            else:
+                # Fallback to HTTP
+                self.allowed_protocols = ["http"]
+                get_global_logger().warning(f"Unknown server protocol '{server_protocol}', defaulting to HTTP")
+                
+            get_global_logger().debug(f"ProtocolManager._load_config - allowed protocols: {self.allowed_protocols}")
+            
+        except Exception as e:
+            get_global_logger().debug(f"ProtocolManager._load_config - ERROR getting server protocol: {e}")
+            # Fallback to HTTP
+            self.allowed_protocols = ["http"]
+
+        # Protocol management is always enabled in new structure
+        self.enabled = True
+
+        get_global_logger().debug(
+            f"Protocol manager loaded config: enabled={self.enabled}, allowed_protocols={self.allowed_protocols}"
+        )
+
+
+
+
+    def is_protocol_allowed(self, protocol: str) -> bool:
+        """
+        Check if a protocol is allowed based on configuration.
+
+        Args:
+            protocol: Protocol name (http, https, mtls)
+
+        Returns:
+            True if protocol is allowed, False otherwise
+        """
+        get_global_logger().debug(f"🔍 ProtocolManager.is_protocol_allowed - protocol: {protocol}")
+        get_global_logger().debug(f"🔍 ProtocolManager.is_protocol_allowed - enabled: {self.enabled}")
+        get_global_logger().debug(f"🔍 ProtocolManager.is_protocol_allowed - allowed_protocols: {self.allowed_protocols}")
+        
+        if not self.enabled:
+            get_global_logger().debug("✅ ProtocolManager.is_protocol_allowed - Protocol management is disabled, allowing all protocols")
+            return True
+
+        protocol_lower = protocol.lower()
+        is_allowed = protocol_lower in self.allowed_protocols
+
+        get_global_logger().debug(f"🔍 ProtocolManager.is_protocol_allowed - Protocol '{protocol}' allowed: {is_allowed}")
+        return is_allowed
+
+
+
+    def get_protocol_config(self, protocol: str) -> Dict:
+        """
+        Get full configuration for a specific protocol.
+
+        Args:
+            protocol: Protocol name (http, https, mtls)
+
+        Returns:
+            Protocol configuration dictionary
+        """
+        protocol_lower = protocol.lower()
+        cfg = self.protocols_config.get(protocol_lower, {})
+        # Ensure dict type
+        if isinstance(cfg, dict):
+            try:
+                return cfg.copy()
+            except Exception:
+                return {}
+        return {}
+
+
+    def get_ssl_context_for_protocol(self, protocol: str) -> Optional[ssl.SSLContext]:
+        """
+        Get SSL context for HTTPS or MTLS protocol.
+
+        Args:
+            protocol: Protocol name (https, mtls)
+
+        Returns:
+            SSL context if protocol requires SSL, None otherwise
+        """
+        if protocol.lower() not in ["https", "mtls"]:
+            return None
+
+        # Use provided config or fallback to global config
+        current_config = (
+            self.app_config if self.app_config is not None else config.get_all()
+        )
+
+        # Get SSL configuration
+        ssl_config = self._get_ssl_config(current_config)
+
+        if not ssl_config.get("enabled", False):
+            get_global_logger().warning(
+                f"SSL required for protocol '{protocol}' but SSL is disabled"
+            )
+            return None
+
+        cert_file = ssl_config.get("cert_file")
+        key_file = ssl_config.get("key_file")
+
+        if not cert_file or not key_file:
+            get_global_logger().warning(
+                f"SSL required for protocol '{protocol}' but certificate files not configured"
+            )
+            return None
+
+        try:
+            from mcp_proxy_adapter.core.ssl_utils import SSLUtils
+
+            ssl_context = SSLUtils.create_ssl_context(
+                cert_file=cert_file,
+                key_file=key_file,
+                ca_cert=ssl_config.get("ca_cert"),
+                verify_client=protocol.lower() == "mtls"
+                or ssl_config.get("verify_client", False),
+                cipher_suites=ssl_config.get("cipher_suites", []),
+                min_tls_version=ssl_config.get("min_tls_version", "1.2"),
+                max_tls_version=ssl_config.get("max_tls_version", "1.3"),
+            )
+
+            get_global_logger().info(f"SSL context created for protocol '{protocol}'")
+            return ssl_context
+
+        except Exception as e:
+            get_global_logger().error(f"Failed to create SSL context for protocol '{protocol}': {e}")
+            return None
+
+    def _get_ssl_config(self, current_config: Dict) -> Dict:
+        """
+        Get SSL configuration from config.
+
+        Args:
+            current_config: Current configuration dictionary
+
+        Returns:
+            SSL configuration dictionary
+        """
+        # Try security framework SSL config first
+        security_config = current_config.get("security", {})
+        ssl_config = security_config.get("ssl", {})
+
+        if ssl_config.get("enabled", False):
+            get_global_logger().debug("Using security.ssl configuration")
+            return ssl_config
+
+        # Fallback to legacy SSL config
+        legacy_ssl_config = current_config.get("ssl", {})
+        if legacy_ssl_config.get("enabled", False):
+            get_global_logger().debug("Using legacy ssl configuration")
+            return legacy_ssl_config
+
+        # Return empty config if SSL is disabled
+        return {"enabled": False}
+
+
+
+
+# Global protocol manager instance - will be updated with config when needed
+protocol_manager = None
+
+

mcp_proxy_adapter/core/proxy/__init__.py

@@ -0,0 +1,19 @@
+"""
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+
+Proxy registration package for MCP Proxy Adapter.
+"""
+
+from .proxy_registration_manager import ProxyRegistrationManager, ProxyRegistrationError
+from .auth_manager import AuthManager
+from .ssl_manager import SSLManager
+from .registration_client import RegistrationClient
+
+__all__ = [
+    "ProxyRegistrationManager",
+    "ProxyRegistrationError",
+    "AuthManager",
+    "SSLManager",
+    "RegistrationClient",
+]

mcp_proxy_adapter/core/proxy/auth_manager.py

@@ -0,0 +1,26 @@
+"""
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+
+Authentication management for proxy registration.
+"""
+
+from typing import Dict, Any
+
+from mcp_proxy_adapter.core.logging import get_global_logger
+
+
+class AuthManager:
+    """Manager for authentication in proxy registration."""
+
+    def __init__(self, client_security, registration_config: Dict[str, Any]):
+        """
+        Initialize authentication manager.
+
+        Args:
+            client_security: Client security manager instance
+            registration_config: Registration configuration
+        """
+        self.client_security = client_security
+        self.registration_config = registration_config
+        self.logger = get_global_logger()

mcp_proxy_adapter/core/proxy/proxy_registration_manager.py

@@ -0,0 +1,160 @@
+"""
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+
+Main proxy registration manager for MCP Proxy Adapter.
+"""
+
+import time
+from typing import Dict, Any
+
+from mcp_proxy_adapter.core.logging import get_global_logger
+from mcp_proxy_adapter.core.client_security import create_client_security_manager
+from .registration_client import RegistrationClient
+
+
+class ProxyRegistrationError(Exception):
+    """Exception raised when proxy registration fails."""
+
+    pass
+
+
+class ProxyRegistrationManager:
+    """
+    Manager for proxy registration functionality with security framework integration.
+
+    Handles automatic registration and unregistration of the server
+    with the MCP proxy server using secure authentication methods.
+    """
+
+    def __init__(self, config: Dict[str, Any]):
+        """
+        Initialize the proxy registration manager.
+
+        Args:
+            config: Application configuration
+        """
+        self.config = config
+        self.logger = get_global_logger()
+        
+        # Get registration configuration
+        self.registration_config = config.get("proxy_registration", {})
+        
+        # Initialize client security
+        self.client_security = create_client_security_manager(config)
+        
+        # Registration state
+        self.proxy_url = self.registration_config.get("proxy_url")
+        self.server_url = None
+        self.registered = False
+        self.registration_time = None
+        
+        # Initialize registration client
+        self.registration_client = RegistrationClient(
+            self.client_security, self.registration_config, config, self.proxy_url
+        )
+
+    def is_enabled(self) -> bool:
+        """
+        Check if proxy registration is enabled.
+
+        Returns:
+            True if enabled, False otherwise
+        """
+        return self.registration_config.get("enabled", False)
+
+    async def register(self) -> bool:
+        """
+        Register server with proxy.
+
+        Returns:
+            True if registration successful, False otherwise
+        """
+        if not self.is_enabled():
+            self.logger.info("Proxy registration is disabled")
+            return True
+
+        if not self.server_url:
+            self.logger.error("Server URL not set for registration")
+            return False
+
+        if not self.proxy_url:
+            self.logger.error("Proxy URL not configured")
+            return False
+
+        try:
+            self.logger.info(f"Registering with proxy: {self.proxy_url}")
+            
+            success = await self.registration_client.register(self.server_url)
+            
+            if success:
+                self.registered = True
+                self.registration_time = time.time()
+                self.logger.info("✅ Proxy registration completed successfully")
+            else:
+                self.logger.error("❌ Proxy registration failed")
+            
+            return success
+
+        except Exception as e:
+            self.logger.error(f"Registration error: {e}")
+            return False
+
+    async def unregister(self) -> bool:
+        """
+        Unregister server from proxy.
+
+        Returns:
+            True if unregistration successful, False otherwise
+        """
+        if not self.is_enabled():
+            self.logger.info("Proxy registration is disabled")
+            return True
+
+        if not self.registered:
+            self.logger.info("Server not registered, skipping unregistration")
+            return True
+
+        try:
+            self.logger.info("Unregistering from proxy")
+            
+            success = await self.registration_client.unregister()
+            
+            if success:
+                self.registered = False
+                self.registration_time = None
+                self.logger.info("✅ Proxy unregistration completed successfully")
+            else:
+                self.logger.warning("⚠️ Proxy unregistration failed")
+            
+            return success
+
+        except Exception as e:
+            self.logger.error(f"Unregistration error: {e}")
+            return False
+
+    def set_server_url(self, server_url: str) -> None:
+        """
+        Set server URL for registration.
+
+        Args:
+            server_url: Server URL to register
+        """
+        self.server_url = server_url
+        self.logger.info(f"Server URL set: {server_url}")
+
+    def get_registration_status(self) -> Dict[str, Any]:
+        """
+        Get current registration status.
+
+        Returns:
+            Dictionary with registration status information
+        """
+        return {
+            "enabled": self.is_enabled(),
+            "registered": self.registered,
+            "proxy_url": self.proxy_url,
+            "server_url": self.server_url,
+            "registration_time": self.registration_time,
+            "client_security_available": self.client_security is not None,
+        }