mcp-security-framework 1.1.0__py3-none-any.whl → 1.1.2__py3-none-any.whl

mcp_security_framework/utils/cert_utils.py

@@ -40,6 +40,11 @@ from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import rsa
 from cryptography.x509.oid import ExtensionOID, NameOID
 
+from mcp_security_framework.utils.datetime_compat import (
+    get_not_valid_after_utc,
+    get_not_valid_before_utc,
+)
+
 
 class CertificateError(Exception):
     """Raised when certificate operations fail."""
@@ -125,8 +130,8 @@ def extract_certificate_info(cert_data: Union[str, bytes, Path]) -> Dict:
             "issuer": str(cert.issuer),
             "serial_number": str(cert.serial_number),
             "version": cert.version.name,
-            "not_before": cert.not_valid_before_utc,
-            "not_after": cert.not_valid_after_utc,
+            "not_before": get_not_valid_before_utc(cert),
+            "not_after": get_not_valid_after_utc(cert),
             "signature_algorithm": cert.signature_algorithm_oid._name,
             "public_key_algorithm": cert.public_key_algorithm_oid._name,
             "key_size": _get_key_size(cert.public_key()),
@@ -266,7 +271,8 @@ def extract_permissions_from_certificate(
 
 
 def validate_certificate_chain(
-    cert_data: Union[str, bytes, Path], ca_cert_data: Union[str, bytes, Path, List[Union[str, bytes, Path]]]
+    cert_data: Union[str, bytes, Path],
+    ca_cert_data: Union[str, bytes, Path, List[Union[str, bytes, Path]]],
 ) -> bool:
     """
     Validate certificate chain against CA certificate(s).
@@ -283,7 +289,7 @@ def validate_certificate_chain(
     """
     try:
         cert = parse_certificate(cert_data)
-        
+
         # Handle single CA certificate or list of CA certificates
         if isinstance(ca_cert_data, list):
             ca_certs = [parse_certificate(ca_cert) for ca_cert in ca_cert_data]
@@ -295,7 +301,7 @@ def validate_certificate_chain(
         for ca_cert in ca_certs:
             if cert.issuer == ca_cert.subject:
                 return True
-        
+
         return False
     except Exception as e:
         return False
@@ -319,7 +325,7 @@ def get_certificate_expiry(cert_data: Union[str, bytes, Path]) -> Dict:
         now = datetime.now(timezone.utc)
 
         # Calculate time until expiry
-        time_until_expiry = cert.not_valid_after_utc.replace(tzinfo=timezone.utc) - now
+        time_until_expiry = get_not_valid_after_utc(cert) - now
         days_until_expiry = time_until_expiry.days
 
         # Determine expiry status
@@ -331,8 +337,8 @@ def get_certificate_expiry(cert_data: Union[str, bytes, Path]) -> Dict:
             status = "valid"
 
         return {
-            "not_after": cert.not_valid_after_utc,
-            "not_before": cert.not_valid_before_utc,
+            "not_after": get_not_valid_after_utc(cert),
+            "not_before": get_not_valid_before_utc(cert),
             "days_until_expiry": days_until_expiry,
             "is_expired": time_until_expiry.total_seconds() < 0,
             "expires_soon": days_until_expiry <= 30,

mcp_security_framework/utils/datetime_compat.py

@@ -0,0 +1,116 @@
+"""
+Datetime Compatibility Module
+
+This module provides compatibility functions for working with certificate
+datetime fields across different versions of the cryptography library.
+
+The module handles the transition from naive datetime fields to UTC-aware
+fields introduced in cryptography>=42, ensuring backward compatibility with
+older versions.
+
+Key Features:
+- Compatible datetime field access for certificates
+- Automatic timezone normalization
+- Backward compatibility with cryptography<42
+- Forward compatibility with cryptography>=42
+
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+"""
+
+from datetime import datetime, timezone
+from typing import Optional
+
+from cryptography.x509 import Certificate
+
+
+def get_not_valid_before_utc(cert: Certificate) -> datetime:
+    """
+    Get certificate not_valid_before field in UTC timezone.
+
+    This function provides compatibility across different cryptography
+    versions:
+    - For cryptography>=42: Returns cert.not_valid_before_utc directly
+    - For cryptography<42: Returns cert.not_valid_before normalized to UTC
+
+    Args:
+        cert (Certificate): Certificate object from cryptography library
+
+    Returns:
+        datetime: UTC timezone-aware datetime representing certificate
+        start date
+
+    Example:
+        >>> from cryptography import x509
+        >>> cert = x509.load_pem_x509_certificate(cert_data)
+        >>> start_date = get_not_valid_before_utc(cert)
+        >>> print(f"Certificate valid from: {start_date}")
+    """
+    # Try to access the new UTC field first (cryptography>=42)
+    if hasattr(cert, "not_valid_before_utc"):
+        val = getattr(cert, "not_valid_before_utc")
+        if val is not None:
+            return val
+
+    # Fall back to the old field and normalize to UTC (cryptography<42)
+    v = cert.not_valid_before
+    return v if v.tzinfo else v.replace(tzinfo=timezone.utc)
+
+
+def get_not_valid_after_utc(cert: Certificate) -> datetime:
+    """
+    Get certificate not_valid_after field in UTC timezone.
+
+    This function provides compatibility across different cryptography
+    versions:
+    - For cryptography>=42: Returns cert.not_valid_after_utc directly
+    - For cryptography<42: Returns cert.not_valid_after normalized to UTC
+
+    Args:
+        cert (Certificate): Certificate object from cryptography library
+
+    Returns:
+        datetime: UTC timezone-aware datetime representing certificate
+        expiry date
+
+    Example:
+        >>> from cryptography import x509
+        >>> cert = x509.load_pem_x509_certificate(cert_data)
+        >>> expiry_date = get_not_valid_after_utc(cert)
+        >>> print(f"Certificate expires: {expiry_date}")
+    """
+    # Try to access the new UTC field first (cryptography>=42)
+    if hasattr(cert, "not_valid_after_utc"):
+        val = getattr(cert, "not_valid_after_utc")
+        if val is not None:
+            return val
+
+    # Fall back to the old field and normalize to UTC (cryptography<42)
+    v = cert.not_valid_after
+    return v if v.tzinfo else v.replace(tzinfo=timezone.utc)
+
+
+def is_cryptography_42_plus() -> bool:
+    """
+    Check if cryptography version is 42 or higher.
+
+    This function checks if the current cryptography version supports
+    the new UTC datetime fields (not_valid_before_utc, not_valid_after_utc).
+
+    Returns:
+        bool: True if cryptography>=42, False otherwise
+
+    Example:
+        >>> if is_cryptography_42_plus():
+        ...     print("Using new UTC datetime fields")
+        ... else:
+        ...     print("Using legacy datetime fields with normalization")
+    """
+    try:
+        import cryptography
+        from packaging import version
+
+        return version.parse(cryptography.__version__) >= version.parse("42.0.0")
+    except (ImportError, AttributeError):
+        # If we can't determine version, assume older version for safety
+        return False

{mcp_security_framework-1.1.0.dist-info → mcp_security_framework-1.1.2.dist-info}/METADATA

@@ -1,7 +1,7 @@
 Metadata-Version: 2.4
 Name: mcp-security-framework
-Version: 1.1.0
-Summary: Universal security framework for microservices with SSL/TLS, authentication, authorization, and rate limiting
+Version: 1.1.2
+Summary: Universal security framework for microservices with SSL/TLS, authentication, authorization, and rate limiting. Requires cryptography>=42.0.0 for certificate operations.
 Author-email: Vasiliy Zdanovskiy <vasilyvz@gmail.com>
 Maintainer-email: Vasiliy Zdanovskiy <vasilyvz@gmail.com>
 License: MIT
@@ -26,11 +26,12 @@ Classifier: Topic :: Software Development :: Libraries :: Python Modules
 Classifier: Topic :: System :: Systems Administration :: Authentication/Directory
 Requires-Python: >=3.8
 Description-Content-Type: text/markdown
-Requires-Dist: cryptography>=3.4.0
+Requires-Dist: cryptography>=42.0.0
 Requires-Dist: pydantic<3.0.0,>=1.8.0
 Requires-Dist: PyJWT>=2.0.0
 Requires-Dist: click>=8.0.0
 Requires-Dist: typing-extensions>=4.0.0
+Requires-Dist: packaging>=20.0
 Provides-Extra: fastapi
 Requires-Dist: fastapi>=0.68.0; extra == "fastapi"
 Requires-Dist: uvicorn[standard]>=0.15.0; extra == "fastapi"

mcp_security_framework-1.1.2.dist-info/RECORD

@@ -0,0 +1,84 @@
+mcp_security_framework/__init__.py,sha256=TM8y71Navd_6woEab2cO07MefRsL0tRBItEYfVO7DS8,3172
+mcp_security_framework/constants.py,sha256=k7NMSrgc83Cci8aoilybQxdC7jir7J-mVFE_EpqVrDk,5307
+mcp_security_framework/cli/__init__.py,sha256=plpWdiWMp2dcLvUuGwXynRg5CDjz8YKnNTBn7lcta08,369
+mcp_security_framework/cli/cert_cli.py,sha256=ME8RgTBrjNvOAMPVnXGLr3cbTpOZ2NN4Ei1SouGRPQs,18297
+mcp_security_framework/cli/security_cli.py,sha256=Thine_Zzfesz7j29y2k_XZFYUK5YSrhCc6w2FilgEiE,28486
+mcp_security_framework/core/__init__.py,sha256=LiX8_M5qWiTXccJFjSLxup9emhklp-poq57SvznsKEg,1729
+mcp_security_framework/core/auth_manager.py,sha256=vCa6YBlz7P_vmif-KGWrCCUE54bHO5F3jN-bDJF2o9Y,38909
+mcp_security_framework/core/cert_manager.py,sha256=s625nyMsmrglT7QaqRZtX4oAJVKla5zu0sptHmXJnh4,78750
+mcp_security_framework/core/permission_manager.py,sha256=SADS_oXpwp9MhXHKJMCsvjEq8KWcz7vPYL05Yr-zfio,26478
+mcp_security_framework/core/rate_limiter.py,sha256=6qjVBxK2YHouSxQuCcbr0PBpRqA5toQss_Ce178RElY,20682
+mcp_security_framework/core/security_manager.py,sha256=mAF-5znqxin-MSSgXISB7t1kTkqHltEqGzzmlLAhRGs,37766
+mcp_security_framework/core/ssl_manager.py,sha256=nCDrukaELONQs_uAfb30g69HDxRp2u4k0Bpq8eJH6Zo,27718
+mcp_security_framework/examples/__init__.py,sha256=nfYPVvIQ5wHuDkQvyCYDd1VjCsZMw9HnvjeUORqKyuQ,1915
+mcp_security_framework/examples/comprehensive_example.py,sha256=6CXkqLFjWIQ2rRMYPnDrBdBuWFKbeu2gd2GI_SFVjds,35421
+mcp_security_framework/examples/django_example.py,sha256=IHk-aHsah-cEHjvsngUx91lup1aRC8W9XHzK6jfOMdA,24628
+mcp_security_framework/examples/fastapi_example.py,sha256=8uVze78eyEZpnzW0lNLxAUi27amXY7RJtu4GcGGpFJE,35598
+mcp_security_framework/examples/flask_example.py,sha256=jrqnBxr1eu91SLt0Zcf5949DX-ZyQirqMdKVclO5RSI,21636
+mcp_security_framework/examples/gateway_example.py,sha256=u9CSdnBm3nB89n5uyTarMDys5xsZcVi0wLATBSBvSog,33390
+mcp_security_framework/examples/microservice_example.py,sha256=7xw8mOIT1ZMxH4TQNXMv9DuTquitZou1DatO2_OE7DU,30358
+mcp_security_framework/examples/standalone_example.py,sha256=jtrLJPrsgD8w3hNUv5SbCq4KLMu4z6WgF4deMPpehQM,29786
+mcp_security_framework/examples/test_all_examples.py,sha256=9tRDD6lOCx69M27ESRTr5V5h6VnRh1EPuSfFCbQrvxM,19608
+mcp_security_framework/middleware/__init__.py,sha256=Bx2DBPbhkikWNPXg1WWFoalp2omFPh7rbMYHYQZoZsk,7803
+mcp_security_framework/middleware/auth_middleware.py,sha256=wMxJtlrTrlK7KSAXJ6yZawwqSpCsxXf-U87J05ogdKg,9833
+mcp_security_framework/middleware/fastapi_auth_middleware.py,sha256=LWVEn90I1XpVkgu4q2LFqvjeVinCMAmI2-19UIcgKpw,16904
+mcp_security_framework/middleware/fastapi_middleware.py,sha256=Ye0qJsEMwgeUqVJpqXgbjJJbbf-ZU-6SysMQPmQba-s,26658
+mcp_security_framework/middleware/flask_auth_middleware.py,sha256=ubBlKO0ponOV_KuxkUK4xGcSoslXTaikrdsIZQtGeV0,20228
+mcp_security_framework/middleware/flask_middleware.py,sha256=Ag0zYDKwlvU78LBQ-7Za14IYOAlEVZaXJPD0Qc4MUvA,20666
+mcp_security_framework/middleware/mtls_middleware.py,sha256=iCOX3PVro49GMlTSUtYQFaWLrqtqoWPgI5DEa6Cnst4,13881
+mcp_security_framework/middleware/rate_limit_middleware.py,sha256=deCwwigI0Pt7pBUnk2jDurI9ZyjujWTsexEWWndXm3g,13177
+mcp_security_framework/middleware/security_middleware.py,sha256=PQ251Fr2UrYVPgGfhXq6QJyqK2tRk0WCIg9_FBvfVkg,16844
+mcp_security_framework/schemas/__init__.py,sha256=lefkbRlbj2ICfasSj51MQ04o3z1YycnbnknSJCFfXbU,2590
+mcp_security_framework/schemas/config.py,sha256=kpJJBupR4ZpQyouZyxiZqm7U7AHfLoGncuRltpo_QEM,25825
+mcp_security_framework/schemas/models.py,sha256=n-Ug8O1cpMeA0mIdOd9h1i3kkBZOJsCQMxj3IcNpBFY,26957
+mcp_security_framework/schemas/responses.py,sha256=nVXaqF5GTSprXTa_wiUEu38nvSw9WAXtKViAJNbO-Xg,23206
+mcp_security_framework/tests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+mcp_security_framework/utils/__init__.py,sha256=wwwdmQYHTSz0Puvs9FD6aIKmWp3NFARe3JPWNH-b_wk,3098
+mcp_security_framework/utils/cert_utils.py,sha256=DNzCqFKbFgYvQxxUUJPgeWe1XCnM4DpUBDqQYRYtlOQ,17266
+mcp_security_framework/utils/crypto_utils.py,sha256=OH2V7_C3FjStxFTIXMUPfNXZuWG2-QjgoBrIH4Lv4p0,12392
+mcp_security_framework/utils/datetime_compat.py,sha256=ool-xs-EevhuYygdzhiAenLAacLuZwGwjPkF43i-9gg,3859
+mcp_security_framework/utils/validation_utils.py,sha256=e9BX3kw9gdXSmFsc7lmG-qnzSlK0-Ynn7Xs4uKHquF4,16279
+tests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+tests/conftest.py,sha256=4DKwzXAOqikfPAUNDHRcn-C3ZoWmLRcn9Kz_3nJ9hZ8,8812
+tests/test_cli/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+tests/test_cli/test_cert_cli.py,sha256=Rm7z-20VAvnmYKY3sgxS-qVNks1vbniQJSpSxjsx_wo,14677
+tests/test_cli/test_security_cli.py,sha256=Bpd31IPJSUl_V1Xzy74ZCOvQpwlbj8Da83C46T8Jewg,25569
+tests/test_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+tests/test_core/test_auth_manager.py,sha256=tyJUe3yBP95SFwbhSr_IloKhEQw0BuEdvjAC1Hnwu4s,22540
+tests/test_core/test_cert_manager.py,sha256=4YMAkRedkAZW3PEZYEbo1PyrzMntUrKfl7arPsHXDCE,36356
+tests/test_core/test_permission_manager.py,sha256=0XeghWXZqVpKyyRuhuDu1dkLUSwuZaFWkRQxQhkkFVI,14966
+tests/test_core/test_rate_limiter.py,sha256=YzzlhlxZm-A7YGMiIV8LXDA0zmb_6uRF9GRx9s21Q0U,22544
+tests/test_core/test_security_manager.py,sha256=C5uPFALAkitmHbi-L8xF1OyfOmVHQSq1g-PLkwl_LDU,35007
+tests/test_core/test_ssl_manager.py,sha256=Vm_Nw4SoVro_iwPPc_uD9CwzXpVBkGyVH7EqDtHawvU,20362
+tests/test_examples/__init__.py,sha256=VC0N1wB9d01Acnqfos-9x68o23xxHkRhAh4-1qJKUTc,157
+tests/test_examples/test_comprehensive_example.py,sha256=2Q9ZfyEt42dDuwPbxwiJbJjRfLp68l5KClALeVO9JOQ,26020
+tests/test_examples/test_fastapi_example.py,sha256=J_dpdq7ZIvi1DfcYpEAltTEfbHbLqk-Q9B5XpkrgMOk,12978
+tests/test_examples/test_flask_example.py,sha256=makDlkLEkCPU94ZIomrw-5-ff4NDP7uhWLTDuk34Jbg,12540
+tests/test_examples/test_standalone_example.py,sha256=nzSMJ4kglMcFYHWJ130_cNfHghpBcMgNoNU7PMQ7NII,8165
+tests/test_integration/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+tests/test_integration/test_auth_flow.py,sha256=lzfrI2Yl-nDDQX5Y3TYK6CrUKtkf4oXk0zYPPdoVjSs,18656
+tests/test_integration/test_certificate_flow.py,sha256=6eyMjIKEviPJtkFaRmG7v9Ua-szvlOF6gfYnHF3JUeA,19612
+tests/test_integration/test_fastapi_integration.py,sha256=HFXNRfm0x0ihzVeBZFD6L1fl19mx5Bg5wvWcXmIzjXw,12957
+tests/test_integration/test_flask_integration.py,sha256=mqb9g3H7lwwKajsG0Ee6eeWH25mNLtI6-ZmLiPKvO2g,15087
+tests/test_integration/test_standalone_integration.py,sha256=chMzo1tG4p0DNCdsWbkhFvSAWqNCEj3Tuoi8miF6C3o,19389
+tests/test_middleware/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+tests/test_middleware/test_fastapi_auth_middleware.py,sha256=6pKnVDrr-inr51bHqije6oa6m44hAqM1nJovInBJcNg,29386
+tests/test_middleware/test_fastapi_middleware.py,sha256=qX0nXM9SrBoAuPs2-LRKT-EzHiwnGCD0c89FYAYnPMw,20607
+tests/test_middleware/test_flask_auth_middleware.py,sha256=NA74wnBq7AR-YsUqlibMSs4B60q7lWTziTPKZtfq_l0,25034
+tests/test_middleware/test_flask_middleware.py,sha256=JqWr5MknE6AvnUUf2Cr0ME6l_wSbze0BqbEIQO8B5qs,22731
+tests/test_middleware/test_security_middleware.py,sha256=J69rVgsnohQp2ucUnGRyWCWZxt6RF2tQ9vQNLFlDXEg,19199
+tests/test_schemas/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+tests/test_schemas/test_config.py,sha256=Bp_yZ_HBIl7jcR7Wb1S9iCB0tCu_Ov26YKHTulDs1RU,29430
+tests/test_schemas/test_models.py,sha256=bBeZOPqveuVJuEi_BTVWdVsdj08JXJTEFwvBM4eFRVU,34311
+tests/test_schemas/test_responses.py,sha256=ZSbO7A3ThPBovTXO8PFF-2ONWAjJx2dMOoV2lQIfd8s,40774
+tests/test_schemas/test_serialization.py,sha256=jCugAyrdD6Mw1U7Kxni9oTukarZmMMl6KUcl6cq_NTk,18599
+tests/test_utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+tests/test_utils/test_cert_utils.py,sha256=2k1kUCJy0T2HPBwOcU5USGfEBQZ_rGzumAGkDdywLak,21232
+tests/test_utils/test_crypto_utils.py,sha256=yEb4hzG6-irj2DPoXY0DUboJfbeR87ussgTuBpxLGz4,20737
+tests/test_utils/test_datetime_compat.py,sha256=n8S4X5HN-_ejSNpgymDXRyZkmxhnyxwwjxFPdX23I40,5656
+tests/test_utils/test_validation_utils.py,sha256=lus_wHJ2WyVnBGQ28S7dSv78uWcCIuLhn5uflJw-uGw,18569
+mcp_security_framework-1.1.2.dist-info/METADATA,sha256=xuXJme6tsfv0HEsky6X-Nd-S7sULfScqr9y6aU6w-ZM,11771
+mcp_security_framework-1.1.2.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+mcp_security_framework-1.1.2.dist-info/entry_points.txt,sha256=qBh92fVDmd1m2f3xeW0hTu3Ksg8QfGJyV8UEkdA2itg,142
+mcp_security_framework-1.1.2.dist-info/top_level.txt,sha256=ifUiGrTDcD574MXSOoAN2rp2wpUvWlb4jD9LTUgDWCA,29
+mcp_security_framework-1.1.2.dist-info/RECORD,,

tests/conftest.py

@@ -8,14 +8,18 @@ Author: Vasiliy Zdanovskiy
 email: vasilyvz@gmail.com
 """
 
+from typing import Any, Dict, Optional
+from unittest.mock import MagicMock, Mock, patch
+
 import pytest
-from unittest.mock import Mock, MagicMock, patch
-from typing import Dict, Any, Optional
 
 from mcp_security_framework.core.security_manager import SecurityManager
 from mcp_security_framework.schemas.models import (
-    AuthResult, AuthStatus, AuthMethod,
-    ValidationResult, ValidationStatus
+    AuthMethod,
+    AuthResult,
+    AuthStatus,
+    ValidationResult,
+    ValidationStatus,
 )
 
 
@@ -23,15 +27,15 @@ from mcp_security_framework.schemas.models import (
 def mock_security_manager():
     """
     Create a mock SecurityManager instance for testing.
-    
+
     This fixture provides a properly configured mock SecurityManager
     that can be used in tests without conflicts with the real implementation.
-    
+
     Returns:
         Mock: Mock SecurityManager instance
     """
     mock_manager = Mock(spec=SecurityManager)
-    
+
     # Mock authentication methods
     def mock_authenticate_api_key(api_key: str) -> AuthResult:
         if api_key == "admin_key_123":
@@ -40,7 +44,7 @@ def mock_security_manager():
                 status=AuthStatus.SUCCESS,
                 username="admin",
                 roles=["admin"],
-                auth_method=AuthMethod.API_KEY
+                auth_method=AuthMethod.API_KEY,
             )
         elif api_key == "user_key_456":
             return AuthResult(
@@ -48,7 +52,7 @@ def mock_security_manager():
                 status=AuthStatus.SUCCESS,
                 username="user",
                 roles=["user"],
-                auth_method=AuthMethod.API_KEY
+                auth_method=AuthMethod.API_KEY,
             )
         elif api_key == "readonly_key_789":
             return AuthResult(
@@ -56,7 +60,7 @@ def mock_security_manager():
                 status=AuthStatus.SUCCESS,
                 username="readonly",
                 roles=["readonly"],
-                auth_method=AuthMethod.API_KEY
+                auth_method=AuthMethod.API_KEY,
             )
         else:
             return AuthResult(
@@ -66,9 +70,9 @@ def mock_security_manager():
                 roles=[],
                 auth_method=None,
                 error_code=-32002,
-                error_message="Invalid API key"
+                error_message="Invalid API key",
             )
-    
+
     def mock_authenticate_jwt_token(token: str) -> AuthResult:
         if token == "valid_jwt_token":
             return AuthResult(
@@ -76,7 +80,7 @@ def mock_security_manager():
                 status=AuthStatus.SUCCESS,
                 username="jwt_user",
                 roles=["user"],
-                auth_method=AuthMethod.JWT
+                auth_method=AuthMethod.JWT,
             )
         else:
             return AuthResult(
@@ -86,57 +90,50 @@ def mock_security_manager():
                 roles=[],
                 auth_method=None,
                 error_code=-32003,
-                error_message="Invalid JWT token"
+                error_message="Invalid JWT token",
             )
-    
-    def mock_check_permissions(user_roles: list, required_permissions: list) -> ValidationResult:
+
+    def mock_check_permissions(
+        user_roles: list, required_permissions: list
+    ) -> ValidationResult:
         if "admin" in user_roles:
-            return ValidationResult(
-                is_valid=True,
-                status=ValidationStatus.VALID
-            )
+            return ValidationResult(is_valid=True, status=ValidationStatus.VALID)
         elif "user" in user_roles and "read" in required_permissions:
-            return ValidationResult(
-                is_valid=True,
-                status=ValidationStatus.VALID
-            )
+            return ValidationResult(is_valid=True, status=ValidationStatus.VALID)
         elif "readonly" in user_roles and "read" in required_permissions:
-            return ValidationResult(
-                is_valid=True,
-                status=ValidationStatus.VALID
-            )
+            return ValidationResult(is_valid=True, status=ValidationStatus.VALID)
         else:
             return ValidationResult(
                 is_valid=False,
                 status=ValidationStatus.INVALID,
                 error_code=-32007,
-                error_message="Insufficient permissions"
+                error_message="Insufficient permissions",
             )
-    
+
     def mock_check_rate_limit(identifier: str) -> bool:
         # Simple rate limiting logic for testing
-        if not hasattr(mock_manager, '_request_counts'):
+        if not hasattr(mock_manager, "_request_counts"):
             mock_manager._request_counts = {}
-        
+
         if identifier not in mock_manager._request_counts:
             mock_manager._request_counts[identifier] = 0
-        
+
         mock_manager._request_counts[identifier] += 1
-        
+
         # Allow up to 100 requests per identifier
         return mock_manager._request_counts[identifier] <= 100
-    
+
     # Assign mock methods
     mock_manager.authenticate_api_key = mock_authenticate_api_key
     mock_manager.authenticate_jwt_token = mock_authenticate_jwt_token
     mock_manager.check_permissions = mock_check_permissions
     mock_manager.check_rate_limit = mock_check_rate_limit
-    
+
     # Mock other properties and methods
     mock_manager.is_authenticated = True
     mock_manager.user_roles = ["user"]
     mock_manager.effective_permissions = {"read", "write"}
-    
+
     return mock_manager
 
 
@@ -144,10 +141,10 @@ def mock_security_manager():
 def mock_security_manager_class():
     """
     Create a mock SecurityManager class for testing.
-    
+
     This fixture provides a mock class that can be used to patch
     SecurityManager imports in tests.
-    
+
     Returns:
         Mock: Mock SecurityManager class
     """
@@ -160,12 +157,12 @@ def mock_security_manager_class():
 def mock_certificate_manager():
     """
     Create a mock CertificateManager instance for testing.
-    
+
     Returns:
         Mock: Mock CertificateManager instance
     """
     mock_manager = Mock()
-    
+
     # Mock certificate validation
     mock_manager.validate_certificate_chain.return_value = True
     mock_manager.get_certificate_info.return_value = Mock(
@@ -176,10 +173,10 @@ def mock_certificate_manager():
         not_after="2024-01-01",
         key_size=2048,
         certificate_type="SERVER",
-        subject_alt_names=["test.example.com"]
+        subject_alt_names=["test.example.com"],
     )
     mock_manager.revoke_certificate.return_value = True
-    
+
     return mock_manager
 
 
@@ -187,7 +184,7 @@ def mock_certificate_manager():
 def mock_ssl_manager():
     """
     Create a mock SSLManager instance for testing.
-    
+
     Returns:
         Mock: Mock SSLManager instance
     """
@@ -202,7 +199,7 @@ def mock_ssl_manager():
 def test_config():
     """
     Create a test configuration for testing.
-    
+
     Returns:
         Dict[str, Any]: Test configuration
     """
@@ -214,24 +211,24 @@ def test_config():
                 "admin_key_123": {
                     "username": "admin",
                     "roles": ["admin"],
-                    "permissions": ["read", "write", "delete", "admin"]
+                    "permissions": ["read", "write", "delete", "admin"],
                 },
                 "user_key_456": {
                     "username": "user",
                     "roles": ["user"],
-                    "permissions": ["read", "write"]
+                    "permissions": ["read", "write"],
                 },
                 "readonly_key_789": {
                     "username": "readonly",
                     "roles": ["readonly"],
-                    "permissions": ["read"]
-                }
+                    "permissions": ["read"],
+                },
             },
             "jwt": {
                 "secret": "test_secret_key",
                 "algorithm": "HS256",
-                "expiry_hours": 24
-            }
+                "expiry_hours": 24,
+            },
         },
         "ssl": {
             "enabled": False,
@@ -239,17 +236,17 @@ def test_config():
             "key_file": None,
             "ca_cert_file": None,
             "verify_mode": "CERT_NONE",
-            "min_version": "TLSv1.2"
+            "min_version": "TLSv1.2",
         },
         "rate_limiting": {
             "enabled": True,
             "requests_per_minute": 100,
-            "window_seconds": 60
+            "window_seconds": 60,
         },
         "logging": {
             "level": "INFO",
-            "format": "%(asctime)s - %(name)s - %(levelname)s - %(message)s"
-        }
+            "format": "%(asctime)s - %(name)s - %(levelname)s - %(message)s",
+        },
     }
 
 
@@ -257,21 +254,21 @@ def test_config():
 def temp_config_file(tmp_path, test_config):
     """
     Create a temporary configuration file for testing.
-    
+
     Args:
         tmp_path: Pytest temporary directory fixture
         test_config: Test configuration fixture
-        
+
     Returns:
         str: Path to temporary configuration file
     """
     import json
     import os
-    
+
     config_file = tmp_path / "test_config.json"
-    with open(config_file, 'w') as f:
+    with open(config_file, "w") as f:
         json.dump(test_config, f)
-    
+
     return str(config_file)
 
 
@@ -279,28 +276,28 @@ def temp_config_file(tmp_path, test_config):
 def patch_security_manager():
     """
     Create a patch decorator for SecurityManager.
-    
+
     Returns:
         function: Patch decorator
     """
-    return patch('mcp_security_framework.core.security_manager.SecurityManager')
+    return patch("mcp_security_framework.core.security_manager.SecurityManager")
 
 
 def patch_certificate_manager():
     """
     Create a patch decorator for CertificateManager.
-    
+
     Returns:
         function: Patch decorator
     """
-    return patch('mcp_security_framework.core.cert_manager.CertificateManager')
+    return patch("mcp_security_framework.core.cert_manager.CertificateManager")
 
 
 def patch_ssl_manager():
     """
     Create a patch decorator for SSLManager.
-    
+
     Returns:
         function: Patch decorator
     """
-    return patch('mcp_security_framework.core.ssl_manager.SSLManager')
+    return patch("mcp_security_framework.core.ssl_manager.SSLManager")