PyPI - mcp-security-framework - Versions diffs - 0.1.0__py3-none-any.whl → 1.1.1__py3-none-any.whl - Mend

mcp-security-framework 0.1.0py3-none-any.whl → 1.1.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (58) hide show

mcp_security_framework/__init__.py +26 -15
mcp_security_framework/cli/__init__.py +1 -1
mcp_security_framework/cli/cert_cli.py +233 -197
mcp_security_framework/cli/security_cli.py +324 -234
mcp_security_framework/constants.py +21 -27
mcp_security_framework/core/auth_manager.py +49 -20
mcp_security_framework/core/cert_manager.py +398 -104
mcp_security_framework/core/permission_manager.py +13 -9
mcp_security_framework/core/rate_limiter.py +10 -0
mcp_security_framework/core/security_manager.py +286 -229
mcp_security_framework/examples/__init__.py +6 -0
mcp_security_framework/examples/comprehensive_example.py +954 -0
mcp_security_framework/examples/django_example.py +276 -202
mcp_security_framework/examples/fastapi_example.py +897 -393
mcp_security_framework/examples/flask_example.py +311 -200
mcp_security_framework/examples/gateway_example.py +373 -214
mcp_security_framework/examples/microservice_example.py +337 -172
mcp_security_framework/examples/standalone_example.py +719 -478
mcp_security_framework/examples/test_all_examples.py +572 -0
mcp_security_framework/middleware/__init__.py +46 -55
mcp_security_framework/middleware/auth_middleware.py +62 -63
mcp_security_framework/middleware/fastapi_auth_middleware.py +179 -110
mcp_security_framework/middleware/fastapi_middleware.py +156 -148
mcp_security_framework/middleware/flask_auth_middleware.py +267 -107
mcp_security_framework/middleware/flask_middleware.py +183 -157
mcp_security_framework/middleware/mtls_middleware.py +106 -117
mcp_security_framework/middleware/rate_limit_middleware.py +105 -101
mcp_security_framework/middleware/security_middleware.py +109 -124
mcp_security_framework/schemas/config.py +2 -1
mcp_security_framework/schemas/models.py +19 -6
mcp_security_framework/utils/cert_utils.py +14 -8
mcp_security_framework/utils/datetime_compat.py +116 -0
{mcp_security_framework-0.1.0.dist-info → mcp_security_framework-1.1.1.dist-info}/METADATA +2 -1
mcp_security_framework-1.1.1.dist-info/RECORD +84 -0
tests/conftest.py +303 -0
tests/test_cli/test_cert_cli.py +194 -174
tests/test_cli/test_security_cli.py +274 -247
tests/test_core/test_cert_manager.py +33 -19
tests/test_core/test_security_manager.py +2 -2
tests/test_examples/test_comprehensive_example.py +613 -0
tests/test_examples/test_fastapi_example.py +290 -169
tests/test_examples/test_flask_example.py +304 -162
tests/test_examples/test_standalone_example.py +106 -168
tests/test_integration/test_auth_flow.py +214 -198
tests/test_integration/test_certificate_flow.py +181 -150
tests/test_integration/test_fastapi_integration.py +140 -149
tests/test_integration/test_flask_integration.py +144 -141
tests/test_integration/test_standalone_integration.py +331 -300
tests/test_middleware/test_fastapi_auth_middleware.py +745 -0
tests/test_middleware/test_fastapi_middleware.py +147 -132
tests/test_middleware/test_flask_auth_middleware.py +696 -0
tests/test_middleware/test_flask_middleware.py +201 -179
tests/test_middleware/test_security_middleware.py +151 -130
tests/test_utils/test_datetime_compat.py +147 -0
mcp_security_framework-0.1.0.dist-info/RECORD +0 -76
{mcp_security_framework-0.1.0.dist-info → mcp_security_framework-1.1.1.dist-info}/WHEEL +0 -0
{mcp_security_framework-0.1.0.dist-info → mcp_security_framework-1.1.1.dist-info}/entry_points.txt +0 -0
{mcp_security_framework-0.1.0.dist-info → mcp_security_framework-1.1.1.dist-info}/top_level.txt +0 -0

mcp_security_framework/middleware/mtls_middleware.py CHANGED Viewed

@@ -25,13 +25,13 @@ import ssl
 from abc import ABC, abstractmethod
 from typing import Any, Dict, List, Optional, Union
+from ..schemas.models import AuthMethod, AuthResult, AuthStatus
 from .security_middleware import SecurityMiddleware, SecurityMiddlewareError
-from ..schemas.models import AuthResult, AuthStatus, AuthMethod
 class MTLSMiddlewareError(SecurityMiddlewareError):
     """Raised when mTLS middleware encounters an error."""
     def __init__(self, message: str, error_code: int = -32037):
         self.message = message
         self.error_code = error_code
@@ -41,18 +41,18 @@ class MTLSMiddlewareError(SecurityMiddlewareError):
 class MTLSMiddleware(SecurityMiddleware):
     """
     mTLS (Mutual TLS) Middleware Class
     This class provides mTLS-specific middleware that focuses on mutual
     TLS authentication and certificate validation. It's designed for
     scenarios where client certificates are used for authentication.
     The MTLSMiddleware implements:
     - mTLS authentication processing
     - Client certificate validation
     - Certificate chain verification
     - Certificate-based role extraction
     - mTLS event logging
     Key Responsibilities:
     - Process requests through mTLS authentication pipeline
     - Validate client certificates
@@ -60,82 +60,82 @@ class MTLSMiddleware(SecurityMiddleware):
     - Extract roles and permissions from certificates
     - Handle mTLS-specific error scenarios
     - Log mTLS authentication events
     Attributes:
         Inherits all attributes from SecurityMiddleware
         _certificate_cache (Dict): Cache for certificate validation results
         _ca_certificates (List): List of trusted CA certificates
     Example:
         >>> from mcp_security_framework.middleware import MTLSMiddleware
-        >>>
+        >>>
         >>> security_manager = SecurityManager(config)
         >>> mtls_middleware = MTLSMiddleware(security_manager)
         >>> app.add_middleware(mtls_middleware)
     Note:
         This middleware requires proper SSL/TLS configuration on the
         server to handle client certificates.
     """
     def __init__(self, security_manager):
         """
         Initialize mTLS Middleware.
         Args:
             security_manager: Security manager instance containing
                 all security components and configuration.
         Raises:
             MTLSMiddlewareError: If initialization fails
         """
         super().__init__(security_manager)
         self.logger = logging.getLogger(f"{__name__}.{self.__class__.__name__}")
         # Initialize certificate cache
         self._certificate_cache: Dict[str, Dict[str, Any]] = {}
         # Load CA certificates if configured
         self._ca_certificates = self._load_ca_certificates()
         self.logger.info(
             "mTLS middleware initialized",
-            extra={"ca_certificates_count": len(self._ca_certificates)}
+            extra={"ca_certificates_count": len(self._ca_certificates)},
         )
     @abstractmethod
     def __call__(self, request: Any, call_next: Any) -> Any:
         """
         Process request through mTLS middleware.
         This method implements the mTLS authentication processing
         pipeline, focusing on client certificate validation.
         Args:
             request: Framework-specific request object
             call_next: Framework-specific call_next function
         Returns:
             Framework-specific response object
         Raises:
             MTLSMiddlewareError: If mTLS processing fails
         """
         pass
     def _authenticate_mtls(self, request: Any) -> AuthResult:
         """
         Perform mTLS authentication.
         This method handles mutual TLS authentication by validating
         client certificates and extracting user information.
         Args:
             request: Framework-specific request object
         Returns:
             AuthResult: Authentication result with user information
         Raises:
             MTLSMiddlewareError: If mTLS authentication fails
         """
@@ -150,9 +150,9 @@ class MTLSMiddleware(SecurityMiddleware):
                     roles=[],
                     auth_method=AuthMethod.CERTIFICATE,
                     error_code=-32038,
-                    error_message="No client certificate provided"
+                    error_message="No client certificate provided",
                 )
             # Validate client certificate
             cert_validation = self._validate_client_certificate(client_cert)
             if not cert_validation["is_valid"]:
@@ -163,119 +163,113 @@ class MTLSMiddleware(SecurityMiddleware):
                     roles=[],
                     auth_method=AuthMethod.CERTIFICATE,
                     error_code=-32039,
-                    error_message=cert_validation["error_message"]
+                    error_message=cert_validation["error_message"],
                 )
             # Extract user information from certificate
             user_info = self._extract_user_info_from_certificate(client_cert)
             # Extract roles from certificate
             roles = self._extract_roles_from_certificate(client_cert)
             self.logger.info(
                 "mTLS authentication successful",
                 extra={
                     "username": user_info["username"],
                     "subject": user_info["subject"],
                     "issuer": user_info["issuer"],
-                    "roles": roles
-                }
+                    "roles": roles,
+                },
             )
             return AuthResult(
                 is_valid=True,
                 status=AuthStatus.SUCCESS,
                 username=user_info["username"],
                 roles=roles,
-                auth_method=AuthMethod.CERTIFICATE
+                auth_method=AuthMethod.CERTIFICATE,
             )
         except Exception as e:
             self.logger.error(
-                "mTLS authentication failed",
-                extra={"error": str(e)},
-                exc_info=True
+                "mTLS authentication failed", extra={"error": str(e)}, exc_info=True
             )
             raise MTLSMiddlewareError(
-                f"mTLS authentication failed: {str(e)}",
-                error_code=-32040
+                f"mTLS authentication failed: {str(e)}", error_code=-32040
             )
     def _get_client_certificate(self, request: Any) -> Optional[str]:
         """
         Get client certificate from request.
         Args:
             request: Framework-specific request object
         Returns:
             Optional[str]: Client certificate in PEM format if available
         """
         # This should be implemented by framework-specific subclasses
         # to extract the client certificate from the request
         return None
     def _validate_client_certificate(self, cert_pem: str) -> Dict[str, Any]:
         """
         Validate client certificate.
         Args:
             cert_pem (str): Client certificate in PEM format
         Returns:
             Dict[str, Any]: Validation result with status and details
         """
         try:
             # Use security manager's certificate validation
             is_valid = self.security_manager.cert_manager.validate_certificate_chain(
-                cert_pem,
-                self.config.ssl.ca_cert_file if self.config.ssl else None
+                cert_pem, self.config.ssl.ca_cert_file if self.config.ssl else None
             )
             if is_valid:
-                return {
-                    "is_valid": True,
-                    "error_message": ""
-                }
+                return {"is_valid": True, "error_message": ""}
             else:
                 return {
                     "is_valid": False,
-                    "error_message": "Certificate validation failed"
+                    "error_message": "Certificate validation failed",
                 }
         except Exception as e:
             return {
                 "is_valid": False,
-                "error_message": f"Certificate validation error: {str(e)}"
+                "error_message": f"Certificate validation error: {str(e)}",
             }
     def _extract_user_info_from_certificate(self, cert_pem: str) -> Dict[str, str]:
         """
         Extract user information from certificate.
         Args:
             cert_pem (str): Client certificate in PEM format
         Returns:
             Dict[str, str]: User information extracted from certificate
         """
         try:
             # Use security manager's certificate utilities
-            cert_info = self.security_manager.cert_manager.get_certificate_info(cert_pem)
+            cert_info = self.security_manager.cert_manager.get_certificate_info(
+                cert_pem
+            )
             return {
                 "username": cert_info.get("common_name", "unknown"),
                 "subject": cert_info.get("subject", ""),
                 "issuer": cert_info.get("issuer", ""),
                 "serial_number": cert_info.get("serial_number", ""),
                 "valid_from": str(cert_info.get("valid_from", "")),
-                "valid_until": str(cert_info.get("valid_until", ""))
+                "valid_until": str(cert_info.get("valid_until", "")),
             }
         except Exception as e:
             self.logger.error(
-                "Failed to extract user info from certificate",
-                extra={"error": str(e)}
+                "Failed to extract user info from certificate", extra={"error": str(e)}
             )
             return {
                 "username": "unknown",
@@ -283,61 +277,59 @@ class MTLSMiddleware(SecurityMiddleware):
                 "issuer": "",
                 "serial_number": "",
                 "valid_from": "",
-                "valid_until": ""
+                "valid_until": "",
             }
     def _extract_roles_from_certificate(self, cert_pem: str) -> List[str]:
         """
         Extract roles from certificate.
         Args:
             cert_pem (str): Client certificate in PEM format
         Returns:
             List[str]: List of roles extracted from certificate
         """
         try:
             # Use security manager's certificate utilities
-            roles = self.security_manager.cert_manager.extract_roles_from_certificate(cert_pem)
+            roles = self.security_manager.cert_manager.extract_roles_from_certificate(
+                cert_pem
+            )
             return roles
         except Exception as e:
             self.logger.error(
-                "Failed to extract roles from certificate",
-                extra={"error": str(e)}
+                "Failed to extract roles from certificate", extra={"error": str(e)}
             )
             return []
     def _load_ca_certificates(self) -> List[str]:
         """
         Load trusted CA certificates.
         Returns:
             List[str]: List of CA certificates in PEM format
         """
         ca_certs = []
         try:
             if self.config.ssl and self.config.ssl.ca_cert_file:
                 # Load CA certificate from file
-                with open(self.config.ssl.ca_cert_file, 'r') as f:
+                with open(self.config.ssl.ca_cert_file, "r") as f:
                     ca_certs.append(f.read())
         except Exception as e:
-            self.logger.error(
-                "Failed to load CA certificates",
-                extra={"error": str(e)}
-            )
+            self.logger.error("Failed to load CA certificates", extra={"error": str(e)})
         return ca_certs
     def _verify_certificate_chain(self, cert_pem: str) -> bool:
         """
         Verify certificate chain against trusted CAs.
         Args:
             cert_pem (str): Client certificate in PEM format
         Returns:
             bool: True if chain is valid, False otherwise
         """
@@ -345,21 +337,20 @@ class MTLSMiddleware(SecurityMiddleware):
             # This would implement certificate chain verification
             # against the loaded CA certificates
             return True
         except Exception as e:
             self.logger.error(
-                "Certificate chain verification failed",
-                extra={"error": str(e)}
+                "Certificate chain verification failed", extra={"error": str(e)}
             )
             return False
     def _check_certificate_revocation(self, cert_pem: str) -> bool:
         """
         Check if certificate is revoked.
         Args:
             cert_pem (str): Client certificate in PEM format
         Returns:
             bool: True if certificate is not revoked, False otherwise
         """
@@ -367,19 +358,22 @@ class MTLSMiddleware(SecurityMiddleware):
             # This would implement CRL or OCSP checking
             # For now, assume certificate is not revoked
             return True
         except Exception as e:
             self.logger.error(
-                "Certificate revocation check failed",
-                extra={"error": str(e)}
+                "Certificate revocation check failed", extra={"error": str(e)}
             )
             return False
-    def _log_mtls_event(self, event_type: str, cert_info: Dict[str, Any],
-                       request_details: Dict[str, Any]) -> None:
+    def _log_mtls_event(
+        self,
+        event_type: str,
+        cert_info: Dict[str, Any],
+        request_details: Dict[str, Any],
+    ) -> None:
         """
         Log mTLS event.
         Args:
             event_type (str): Type of mTLS event
             cert_info (Dict[str, Any]): Certificate information
@@ -393,47 +387,42 @@ class MTLSMiddleware(SecurityMiddleware):
                 "subject": cert_info.get("subject", ""),
                 "issuer": cert_info.get("issuer", ""),
                 "serial_number": cert_info.get("serial_number", ""),
-                **request_details
-            }
+                **request_details,
+            },
         )
     def get_certificate_info(self, cert_pem: str) -> Dict[str, Any]:
         """
         Get detailed certificate information.
         Args:
             cert_pem (str): Certificate in PEM format
         Returns:
             Dict[str, Any]: Detailed certificate information
         """
         try:
             return self.security_manager.cert_manager.get_certificate_info(cert_pem)
         except Exception as e:
-            self.logger.error(
-                "Failed to get certificate info",
-                extra={"error": str(e)}
-            )
+            self.logger.error("Failed to get certificate info", extra={"error": str(e)})
             return {"error": str(e)}
     def validate_certificate_chain(self, cert_pem: str) -> bool:
         """
         Validate certificate chain.
         Args:
             cert_pem (str): Certificate in PEM format
         Returns:
             bool: True if chain is valid, False otherwise
         """
         try:
             return self.security_manager.cert_manager.validate_certificate_chain(
-                cert_pem,
-                self.config.ssl.ca_cert_file if self.config.ssl else None
+                cert_pem, self.config.ssl.ca_cert_file if self.config.ssl else None
             )
         except Exception as e:
             self.logger.error(
-                "Certificate chain validation failed",
-                extra={"error": str(e)}
+                "Certificate chain validation failed", extra={"error": str(e)}
             )
             return False

mcp-security-framework 0.1.0__py3-none-any.whl → 1.1.1__py3-none-any.whl

mcp-security-framework 0.1.0py3-none-any.whl → 1.1.1py3-none-any.whl