mcp-proxy-adapter 6.9.43__py3-none-any.whl

mcp_proxy_adapter/core/proxy/registration_client.py

@@ -0,0 +1,186 @@
+"""
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+
+Registration client for proxy registration.
+"""
+
+from typing import Dict, Any
+import aiohttp
+
+from mcp_proxy_adapter.core.logging import get_global_logger
+from .auth_manager import AuthManager
+from .ssl_manager import SSLManager
+
+
+class RegistrationClient:
+    """Client for proxy registration operations."""
+
+    def __init__(
+        self,
+        client_security,
+        registration_config: Dict[str, Any],
+        config: Dict[str, Any],
+        proxy_url: str,
+    ):
+        """
+        Initialize registration client.
+
+        Args:
+            client_security: Client security manager instance
+            registration_config: Registration configuration
+            config: Application configuration
+            proxy_url: Proxy server URL
+        """
+        self.client_security = client_security
+        self.registration_config = registration_config
+        self.config = config
+        self.proxy_url = proxy_url
+        self.logger = get_global_logger()
+        
+        # Initialize managers
+        self.auth_manager = AuthManager(client_security, registration_config)
+        self.ssl_manager = SSLManager(
+            client_security, registration_config, config, proxy_url
+        )
+
+    def _prepare_registration_data(self, server_url: str) -> Dict[str, Any]:
+        """
+        Prepare registration data.
+
+        Args:
+            server_url: Server URL to register
+
+        Returns:
+            Registration data dictionary
+        """
+        # Proxy expects "name" field, use server_id or server_name
+        server_name = (
+            self.registration_config.get("server_id")
+            or self.registration_config.get("server_name")
+            or "mcp_proxy_adapter"
+        )
+        
+        return {
+            "name": server_name,
+            "url": server_url,
+            "capabilities": self.registration_config.get("capabilities", ["jsonrpc"]),
+            "metadata": {
+                "server_id": self.registration_config.get("server_id"),
+                "server_name": self.registration_config.get("server_name"),
+                "description": self.registration_config.get("description", ""),
+                "version": self.registration_config.get("version", "1.0.0"),
+            },
+        }
+
+    async def register(self, server_url: str) -> bool:
+        """
+        Register server with proxy.
+
+        Args:
+            server_url: Server URL to register
+
+        Returns:
+            True if registration successful, False otherwise
+        """
+        try:
+            registration_data = self._prepare_registration_data(server_url)
+            
+            # Get SSL context if needed
+            ssl_context = self.ssl_manager.get_ssl_context()
+            
+            # Get headers with authentication if needed
+            headers = self.auth_manager.get_headers()
+            
+            # Prepare request configuration
+            connector = None
+            if ssl_context:
+                connector = aiohttp.TCPConnector(ssl=ssl_context)
+            
+            # Send registration request
+            async with aiohttp.ClientSession(connector=connector) as session:
+                register_url = f"{self.proxy_url}/register"
+                self.logger.info(f"Attempting to register server with proxy at {register_url}")
+                self.logger.debug(f"Registration data: {registration_data}")
+                self.logger.debug(f"Headers: {headers}")
+                
+                # Ensure Content-Type header is set
+                if "Content-Type" not in headers:
+                    headers["Content-Type"] = "application/json"
+                
+                async with session.post(
+                    register_url,
+                    json=registration_data,
+                    headers=headers,
+                    timeout=aiohttp.ClientTimeout(total=30)
+                ) as response:
+                    if response.status == 200:
+                        result = await response.json()
+                        self.logger.info(f"✅ Successfully registered with proxy. Server key: {result.get('key')}")
+                        return True
+                    else:
+                        error_text = await response.text()
+                        self.logger.error(
+                            f"❌ Failed to register with proxy: {response.status} {response.reason}: {error_text}"
+                        )
+                        return False
+                        
+        except Exception as e:
+            self.logger.error(f"Registration error: {e}", exc_info=True)
+            return False
+
+    async def unregister(self) -> bool:
+        """
+        Unregister server from proxy.
+
+        Returns:
+            True if unregistration successful, False otherwise
+        """
+        try:
+            server_name = (
+                self.registration_config.get("server_id")
+                or self.registration_config.get("server_name")
+                or "mcp_proxy_adapter"
+            )
+            
+            unregister_data = {
+                "name": server_name,
+                "url": "",  # Not needed for unregister
+                "capabilities": [],
+                "metadata": {},
+            }
+            
+            # Get SSL context if needed
+            ssl_context = self.ssl_manager.get_ssl_context()
+            
+            # Get headers with authentication if needed
+            headers = self.auth_manager.get_headers()
+            
+            # Prepare request configuration
+            connector = None
+            if ssl_context:
+                connector = aiohttp.TCPConnector(ssl=ssl_context)
+            
+            # Send unregistration request
+            async with aiohttp.ClientSession(connector=connector) as session:
+                unregister_url = f"{self.proxy_url}/unregister"
+                
+                async with session.post(
+                    unregister_url,
+                    json=unregister_data,
+                    headers=headers,
+                    timeout=aiohttp.ClientTimeout(total=10)
+                ) as response:
+                    if response.status == 200:
+                        self.logger.info("✅ Successfully unregistered from proxy")
+                        return True
+                    else:
+                        error_text = await response.text()
+                        self.logger.warning(
+                            f"⚠️ Failed to unregister from proxy: {response.status} {response.reason}: {error_text}"
+                        )
+                        return False
+                        
+        except Exception as e:
+            self.logger.error(f"Unregistration error: {e}", exc_info=True)
+            return False

mcp_proxy_adapter/core/proxy/ssl_manager.py

@@ -0,0 +1,101 @@
+"""
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+
+SSL management for proxy registration.
+"""
+
+import ssl
+from typing import Dict, Any, Optional
+from urllib.parse import urlparse
+
+from mcp_proxy_adapter.core.logging import get_global_logger
+
+
+class SSLManager:
+    """Manager for SSL connections in proxy registration."""
+
+    def __init__(self, client_security, registration_config: Dict[str, Any], config: Dict[str, Any], proxy_url: str):
+        """
+        Initialize SSL manager.
+
+        Args:
+            client_security: Client security manager instance
+            registration_config: Registration configuration
+            config: Application configuration
+            proxy_url: Proxy server URL
+        """
+        self.client_security = client_security
+        self.registration_config = registration_config
+        self.config = config
+        self.proxy_url = proxy_url
+        self.logger = get_global_logger()
+
+    def create_ssl_context(self) -> Optional[ssl.SSLContext]:
+        """
+        Create SSL context for secure connections using registration SSL configuration.
+
+        Returns:
+            SSL context or None if SSL not needed
+        """
+        self.logger.debug("_create_ssl_context called")
+        
+        # Decide SSL strictly by proxy URL scheme: use SSL only for https proxy URLs
+        try:
+            scheme = urlparse(self.proxy_url).scheme if self.proxy_url else "http"
+            if scheme.lower() != "https":
+                self.logger.debug("Proxy URL is HTTP, skipping SSL context creation for registration")
+                return None
+        except Exception:
+            self.logger.debug("Failed to parse proxy_url, assuming HTTP and skipping SSL context")
+            return None
+            
+        if not self.client_security:
+            self.logger.debug("SSL context creation failed: client_security is None")
+            return None
+
+        try:
+            # Check if SSL is enabled for registration
+            cert_config = self.registration_config.get("certificate", {})
+            ssl_config = self.registration_config.get("ssl", {})
+
+            # FALLBACK: if no explicit registration SSL/certs provided, reuse global SSL config
+            if not cert_config and not ssl_config:
+                global_ssl = self.config.get("security", {}).get("ssl", {}) or self.config.get("ssl", {})
+                if global_ssl:
+                    # Map global ssl to registration-style configs
+                    mapped_cert = {}
+                    if global_ssl.get("cert_file") and global_ssl.get("key_file"):
+                        mapped_cert = {
+                            "cert_file": global_ssl.get("cert_file"),
+                            "key_file": global_ssl.get("key_file"),
+                        }
+                    mapped_ssl = {}
+                    if global_ssl.get("ca_cert"):
+                        mapped_ssl["ca_cert"] = global_ssl.get("ca_cert")
+                    if global_ssl.get("verify_client") is not None:
+                        mapped_ssl["verify_mode"] = (
+                            "CERT_REQUIRED" if global_ssl.get("verify_client") else "CERT_NONE"
+                        )
+                    cert_config = mapped_cert
+                    ssl_config = mapped_ssl
+
+            # Use client security manager to create SSL context
+            if cert_config or ssl_config:
+                ssl_context = self.client_security.create_ssl_context(
+                    cert_config=cert_config,
+                    ssl_config=ssl_config
+                )
+                if ssl_context:
+                    self.logger.debug("SSL context created successfully for registration")
+                    return ssl_context
+                else:
+                    self.logger.warning("Failed to create SSL context for registration")
+                    return None
+            else:
+                self.logger.debug("No SSL configuration found for registration")
+                return None
+
+        except Exception as e:
+            self.logger.error(f"Error creating SSL context for registration: {e}")
+            return None

mcp_proxy_adapter/core/proxy_client.py

@@ -0,0 +1,184 @@
+"""
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+
+Core mTLS Proxy Client.
+
+Provides an asynchronous client for communicating with a proxy-like server over
+mutual TLS. Designed to be used by services built on this framework to:
+- perform health/heartbeat checks
+- register themselves with the proxy
+
+This client intentionally avoids framework-specific configuration objects and
+accepts explicit parameters for clarity and portability.
+"""
+
+import json
+import ssl
+from dataclasses import dataclass
+from typing import Any, Dict, Optional, Tuple
+from urllib.parse import urljoin
+
+import aiohttp  # type: ignore[import]
+
+
+@dataclass(frozen=True)
+class RegistrationRequest:
+    """Data payload for registration calls to the proxy server."""
+
+    server_id: str
+    server_name: str
+    description: Optional[str] = None
+    extra: Optional[Dict[str, Any]] = None
+
+    def to_dict(self) -> Dict[str, Any]:
+        payload: Dict[str, Any] = {
+            "server_id": self.server_id,
+            "server_name": self.server_name,
+        }
+        if self.description is not None:
+            payload["description"] = self.description
+        if self.extra:
+            payload.update(self.extra)
+        return payload
+
+
+class ProxyClient:
+    """Asynchronous mTLS HTTP client for communicating with a proxy server.
+
+    Usage:
+        async with ProxyClient(
+            base_url="https://your-proxy-host:3004",
+            ca_cert_path="/path/to/ca.crt",
+            client_cert_path="/path/to/client.crt",
+            client_key_path="/path/to/client.key",
+        ) as client:
+            status, health = await client.health()
+            status, hb = await client.heartbeat()
+            status, reg = await client.register(
+                RegistrationRequest(...)
+            )
+    """
+
+    def __init__(
+        self,
+        base_url: str,
+        *,
+        ca_cert_path: str,
+        client_cert_path: str,
+        client_key_path: str,
+        request_timeout_s: float = 5.0,
+        min_tls_version: ssl.TLSVersion = ssl.TLSVersion.TLSv1_2,
+        verify_mode: ssl.VerifyMode = ssl.CERT_REQUIRED,
+    ) -> None:
+        if not base_url.startswith("http"):
+            raise ValueError("base_url must start with http/https")
+        self._base_url: str = base_url.rstrip("/")
+        self._ca_cert_path: str = ca_cert_path
+        self._client_cert_path: str = client_cert_path
+        self._client_key_path: str = client_key_path
+        self._request_timeout_s: float = request_timeout_s
+        self._min_tls_version: ssl.TLSVersion = min_tls_version
+        self._verify_mode: ssl.VerifyMode = verify_mode
+
+        self._ssl_context: Optional[ssl.SSLContext] = None
+        self._session: Optional[aiohttp.ClientSession] = None
+
+    async def __aenter__(self) -> "ProxyClient":
+        await self._ensure_session()
+        return self
+
+    async def __aexit__(self, exc_type, exc, tb) -> None:
+        await self.close()
+
+    async def _ensure_session(self) -> None:
+        if self._session is not None:
+            return
+        ssl_context = self._build_ssl_context()
+        timeout = aiohttp.ClientTimeout(total=self._request_timeout_s)
+        connector = aiohttp.TCPConnector(ssl=ssl_context)
+        self._session = aiohttp.ClientSession(
+            timeout=timeout,
+            connector=connector,
+        )
+        self._ssl_context = ssl_context
+
+    async def close(self) -> None:
+        if self._session is not None:
+            await self._session.close()
+        self._session = None
+        self._ssl_context = None
+
+    def _build_ssl_context(self) -> ssl.SSLContext:
+        ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
+        ctx.minimum_version = self._min_tls_version
+        ctx.verify_mode = self._verify_mode
+        ctx.load_verify_locations(self._ca_cert_path)
+        ctx.load_cert_chain(self._client_cert_path, self._client_key_path)
+        return ctx
+
+    async def _get_json(self, path: str) -> Tuple[int, Dict[str, Any]]:
+        await self._ensure_session()
+        assert self._session is not None
+        url = urljoin(self._base_url + "/", path.lstrip("/"))
+        async with self._session.get(url) as resp:
+            status = resp.status
+            body_text = await resp.text()
+            try:
+                data: Dict[str, Any] = (
+                    json.loads(body_text) if body_text else {}
+                )
+            except json.JSONDecodeError:
+                data = {"raw": body_text}
+            return status, data
+
+    async def _post_json(
+        self,
+        path: str,
+        payload: Dict[str, Any],
+    ) -> Tuple[int, Dict[str, Any]]:
+        await self._ensure_session()
+        assert self._session is not None
+        url = urljoin(self._base_url + "/", path.lstrip("/"))
+        headers = {"Content-Type": "application/json"}
+        async with self._session.post(
+            url,
+            headers=headers,
+            json=payload,
+        ) as resp:
+            status = resp.status
+            body_text = await resp.text()
+            try:
+                data: Dict[str, Any] = (
+                    json.loads(body_text) if body_text else {}
+                )
+            except json.JSONDecodeError:
+                data = {"raw": body_text}
+            return status, data
+
+    async def health(
+        self,
+        path: str = "/health",
+    ) -> Tuple[int, Dict[str, Any]]:
+        """Perform a health check against the proxy."""
+        return await self._get_json(path)
+
+    async def heartbeat(
+        self,
+        path: str = "/heartbeat",
+    ) -> Tuple[int, Dict[str, Any]]:
+        """Perform a heartbeat (liveness) check against the proxy."""
+        return await self._get_json(path)
+
+    async def register(
+        self,
+        request: RegistrationRequest,
+        *,
+        path: str = "/register",
+    ) -> Tuple[int, Dict[str, Any]]:
+        """Register the current service on the proxy server."""
+        payload = request.to_dict()
+        return await self._post_json(
+            path,
+            payload,
+        )

mcp_proxy_adapter/core/proxy_registration.py

@@ -0,0 +1,80 @@
+"""
+Module for proxy registration functionality with security framework integration.
+
+This module handles automatic registration and unregistration of the server
+with the MCP proxy server during startup and shutdown, using mcp_security_framework
+for secure connections and authentication.
+
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+"""
+
+from typing import Dict, Any, Optional
+
+from mcp_proxy_adapter.core.proxy.proxy_registration_manager import (
+    ProxyRegistrationManager,
+)
+
+# Global registration manager instance
+_registration_manager: Optional[ProxyRegistrationManager] = None
+
+
+def initialize_proxy_registration(config: Dict[str, Any]) -> None:
+    """
+    Initialize proxy registration with configuration.
+
+    Args:
+        config: Application configuration
+    """
+    global _registration_manager
+    _registration_manager = ProxyRegistrationManager(config)
+
+
+async def register_with_proxy(server_url: str) -> bool:
+    """
+    Register server with proxy.
+
+    Args:
+        server_url: Server URL to register
+
+    Returns:
+        True if registration successful, False otherwise
+    """
+    if not _registration_manager:
+        return False
+    
+    _registration_manager.set_server_url(server_url)
+    return await _registration_manager.register()
+
+
+async def unregister_from_proxy() -> bool:
+    """
+    Unregister server from proxy.
+
+    Returns:
+        True if unregistration successful, False otherwise
+    """
+    if not _registration_manager:
+        return True
+    
+    return await _registration_manager.unregister()
+
+
+def get_proxy_registration_status() -> Dict[str, Any]:
+    """
+    Get current proxy registration status.
+
+    Returns:
+        Dictionary with registration status information
+    """
+    if not _registration_manager:
+        return {
+            "enabled": False,
+            "registered": False,
+            "proxy_url": None,
+            "server_url": None,
+            "registration_time": None,
+            "client_security_available": False,
+        }
+    
+    return _registration_manager.get_registration_status()

mcp_proxy_adapter/core/role_utils.py

@@ -0,0 +1,103 @@
+"""
+Role Utilities
+
+This module provides utilities for working with roles extracted from certificates.
+Includes functions for role extraction, comparison, validation, and normalization.
+
+Author: MCP Proxy Adapter Team
+Version: 1.0.0
+"""
+
+import logging
+from typing import List
+
+
+class RoleUtils:
+    """
+    Utilities for working with roles from certificates.
+
+    Provides methods for extracting, comparing, validating, and normalizing roles.
+    """
+
+    # Custom OID for roles in certificates
+    ROLE_EXTENSION_OID = "1.3.6.1.4.1.99999.1"
+
+    @staticmethod
+    def validate_single_role(role: str) -> bool:
+        """
+        Validate a single role.
+
+        Args:
+            role: Role string to validate
+
+        Returns:
+            True if role is valid, False otherwise
+        """
+        if not isinstance(role, str):
+            return False
+
+        # Check if role is not empty after trimming
+        if not role.strip():
+            return False
+
+        # Check for valid characters (alphanumeric, hyphens, underscores)
+        valid_chars = set(
+            "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_"
+        )
+        role_chars = set(role.lower())
+
+        if not role_chars.issubset(valid_chars):
+            return False
+
+        # Check length (1-50 characters)
+        if len(role) < 1 or len(role) > 50:
+            return False
+
+        return True
+
+    @staticmethod
+    def normalize_role(role: str) -> str:
+        """
+        Normalize role string.
+
+        Args:
+            role: Role string to normalize
+
+        Returns:
+            Normalized role string
+        """
+        if not role:
+            return ""
+
+        # Convert to lowercase and trim whitespace
+        normalized = role.lower().strip()
+
+        # Replace multiple spaces with single space
+        normalized = " ".join(normalized.split())
+
+        # Replace spaces with hyphens
+        normalized = normalized.replace(" ", "-")
+
+        return normalized
+
+    @staticmethod
+    def normalize_roles(roles: List[str]) -> List[str]:
+        """
+        Normalize list of roles.
+
+        Args:
+            roles: List of roles to normalize
+
+        Returns:
+            List of normalized roles
+        """
+        if not roles:
+            return []
+
+        normalized = []
+        for role in roles:
+            normalized_role = RoleUtils.normalize_role(role)
+            if normalized_role and normalized_role not in normalized:
+                normalized.append(normalized_role)
+
+        return normalized