PyPI - mcp-security-framework - Versions diffs - 1.1.0__py3-none-any.whl → 1.1.2__py3-none-any.whl - Mend

mcp-security-framework 1.1.0py3-none-any.whl → 1.1.2py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (58) hide show

mcp_security_framework/__init__.py +26 -15
mcp_security_framework/cli/__init__.py +1 -1
mcp_security_framework/cli/cert_cli.py +233 -197
mcp_security_framework/cli/security_cli.py +324 -234
mcp_security_framework/constants.py +21 -27
mcp_security_framework/core/auth_manager.py +41 -22
mcp_security_framework/core/cert_manager.py +210 -147
mcp_security_framework/core/permission_manager.py +9 -9
mcp_security_framework/core/rate_limiter.py +2 -2
mcp_security_framework/core/security_manager.py +284 -229
mcp_security_framework/examples/__init__.py +6 -0
mcp_security_framework/examples/comprehensive_example.py +349 -279
mcp_security_framework/examples/django_example.py +247 -206
mcp_security_framework/examples/fastapi_example.py +315 -283
mcp_security_framework/examples/flask_example.py +274 -203
mcp_security_framework/examples/gateway_example.py +304 -237
mcp_security_framework/examples/microservice_example.py +258 -189
mcp_security_framework/examples/standalone_example.py +255 -230
mcp_security_framework/examples/test_all_examples.py +151 -135
mcp_security_framework/middleware/__init__.py +46 -55
mcp_security_framework/middleware/auth_middleware.py +62 -63
mcp_security_framework/middleware/fastapi_auth_middleware.py +119 -118
mcp_security_framework/middleware/fastapi_middleware.py +156 -148
mcp_security_framework/middleware/flask_auth_middleware.py +160 -147
mcp_security_framework/middleware/flask_middleware.py +183 -157
mcp_security_framework/middleware/mtls_middleware.py +106 -117
mcp_security_framework/middleware/rate_limit_middleware.py +105 -101
mcp_security_framework/middleware/security_middleware.py +109 -124
mcp_security_framework/schemas/config.py +2 -1
mcp_security_framework/schemas/models.py +18 -6
mcp_security_framework/utils/cert_utils.py +14 -8
mcp_security_framework/utils/datetime_compat.py +116 -0
{mcp_security_framework-1.1.0.dist-info → mcp_security_framework-1.1.2.dist-info}/METADATA +4 -3
mcp_security_framework-1.1.2.dist-info/RECORD +84 -0
tests/conftest.py +63 -66
tests/test_cli/test_cert_cli.py +184 -146
tests/test_cli/test_security_cli.py +274 -247
tests/test_core/test_cert_manager.py +24 -10
tests/test_core/test_security_manager.py +2 -2
tests/test_examples/test_comprehensive_example.py +190 -137
tests/test_examples/test_fastapi_example.py +124 -101
tests/test_examples/test_flask_example.py +124 -101
tests/test_examples/test_standalone_example.py +73 -80
tests/test_integration/test_auth_flow.py +213 -197
tests/test_integration/test_certificate_flow.py +180 -149
tests/test_integration/test_fastapi_integration.py +108 -111
tests/test_integration/test_flask_integration.py +141 -140
tests/test_integration/test_standalone_integration.py +290 -259
tests/test_middleware/test_fastapi_auth_middleware.py +195 -174
tests/test_middleware/test_fastapi_middleware.py +147 -132
tests/test_middleware/test_flask_auth_middleware.py +260 -202
tests/test_middleware/test_flask_middleware.py +201 -179
tests/test_middleware/test_security_middleware.py +145 -130
tests/test_utils/test_datetime_compat.py +147 -0
mcp_security_framework-1.1.0.dist-info/RECORD +0 -82
{mcp_security_framework-1.1.0.dist-info → mcp_security_framework-1.1.2.dist-info}/WHEEL +0 -0
{mcp_security_framework-1.1.0.dist-info → mcp_security_framework-1.1.2.dist-info}/entry_points.txt +0 -0
{mcp_security_framework-1.1.0.dist-info → mcp_security_framework-1.1.2.dist-info}/top_level.txt +0 -0

mcp_security_framework/core/security_manager.py CHANGED Viewed

@@ -24,22 +24,34 @@ License: MIT
 """
 import logging
-from typing import Dict, List, Optional, Union, Any
 from datetime import datetime, timezone
+from typing import Any, Dict, List, Optional, Union
-from ..schemas.config import SecurityConfig, AuthConfig, PermissionConfig, CertificateConfig
-from ..schemas.models import AuthResult, ValidationResult, ValidationStatus, CertificatePair, CertificateInfo, AuthStatus
-from ..schemas.responses import SecurityResponse, ResponseStatus
+from ..schemas.config import (
+    AuthConfig,
+    CertificateConfig,
+    PermissionConfig,
+    SecurityConfig,
+)
+from ..schemas.models import (
+    AuthResult,
+    AuthStatus,
+    CertificateInfo,
+    CertificatePair,
+    ValidationResult,
+    ValidationStatus,
+)
+from ..schemas.responses import ResponseStatus, SecurityResponse
 from .auth_manager import AuthManager
-from .permission_manager import PermissionManager
-from .ssl_manager import SSLManager
 from .cert_manager import CertificateManager
+from .permission_manager import PermissionManager
 from .rate_limiter import RateLimiter
+from .ssl_manager import SSLManager
 class SecurityConfigurationError(Exception):
     """Raised when security configuration is invalid."""
     def __init__(self, message: str, error_code: int = -32001):
         self.message = message
         self.error_code = error_code
@@ -48,7 +60,7 @@ class SecurityConfigurationError(Exception):
 class SecurityValidationError(Exception):
     """Raised when security validation fails."""
     def __init__(self, message: str, error_code: int = -32002):
         self.message = message
         self.error_code = error_code
@@ -58,16 +70,16 @@ class SecurityValidationError(Exception):
 class SecurityManager:
     """
     Security Manager Class
     This is the main security management class that integrates all core
     security components into a unified interface. It provides comprehensive
     security management including authentication, authorization, SSL/TLS
     management, certificate management, and rate limiting.
     The SecurityManager serves as the central point for all security
     operations and provides factory methods for creating framework-specific
     middleware components.
     Key Responsibilities:
     - Initialize and manage all core security components
     - Provide unified interface for security operations
@@ -76,7 +88,7 @@ class SecurityManager:
     - Provide factory methods for middleware creation
     - Coordinate between different security components
     - Handle security event logging and monitoring
     Attributes:
         config (SecurityConfig): Main security configuration
         logger (Logger): Logger instance for security operations
@@ -87,7 +99,7 @@ class SecurityManager:
         rate_limiter (RateLimiter): Rate limiter instance
         _component_status (Dict): Status of all security components
         _security_events (List): Security event log
     Example:
         >>> config = SecurityConfig(
         ...     auth=AuthConfig(enabled=True, methods=["api_key"]),
@@ -98,27 +110,27 @@ class SecurityManager:
         ...     "api_key": "user_key_123",
         ...     "required_permissions": ["read", "write"]
         ... })
     Raises:
         SecurityConfigurationError: When security configuration is invalid
         SecurityValidationError: When security validation fails
         AuthenticationError: When authentication fails
         PermissionDeniedError: When access is denied
     """
     def __init__(self, config: SecurityConfig):
         """
         Initialize Security Manager.
         Args:
             config (SecurityConfig): Main security configuration containing
                 all component configurations. Must be a valid SecurityConfig
                 instance with proper settings for all security components.
         Raises:
             SecurityConfigurationError: If configuration is invalid or
                 required components cannot be initialized.
         Example:
             >>> config = SecurityConfig(
             ...     auth=AuthConfig(enabled=True),
@@ -131,28 +143,28 @@ class SecurityManager:
         self._component_status: Dict[str, bool] = {}
         self._security_events: List[Dict[str, Any]] = []
         self._start_time = datetime.now(timezone.utc)
         # Initialize all core components
         self._initialize_components()
         # Log initialization
         self.logger.info(
             "Security Manager initialized successfully",
             extra={
                 "environment": config.environment,
                 "version": config.version,
-                "debug": config.debug
-            }
+                "debug": config.debug,
+            },
         )
     def _initialize_components(self) -> None:
         """
         Initialize all core security components.
         This method initializes all core security components based on
         the provided configuration. It handles component dependencies
         and validates that all required components are properly configured.
         Raises:
             SecurityConfigurationError: If any component fails to initialize
                 or required configuration is missing.
@@ -161,53 +173,52 @@ class SecurityManager:
             # Initialize PermissionManager first (needed by AuthManager)
             self.permission_manager = PermissionManager(self.config.permissions)
             self._component_status["permission_manager"] = True
             # Initialize AuthManager (depends on PermissionManager)
             self.auth_manager = AuthManager(self.config.auth, self.permission_manager)
             self._component_status["auth_manager"] = True
             # Initialize SSLManager
             self.ssl_manager = SSLManager(self.config.ssl)
             self._component_status["ssl_manager"] = True
             # Initialize CertificateManager
             self.cert_manager = CertificateManager(self.config.certificates)
             self._component_status["cert_manager"] = True
             # Initialize RateLimiter
             self.rate_limiter = RateLimiter(self.config.rate_limit)
             self._component_status["rate_limiter"] = True
             self.logger.info("All security components initialized successfully")
         except Exception as e:
             self.logger.error(f"Failed to initialize security components: {str(e)}")
             raise SecurityConfigurationError(
-                f"Failed to initialize security components: {str(e)}",
-                error_code=-32001
+                f"Failed to initialize security components: {str(e)}", error_code=-32001
             )
     def validate_request(self, request_data: Dict[str, Any]) -> ValidationResult:
         """
         Validate a complete request for security compliance.
         This method performs comprehensive security validation of a request
         including authentication, authorization, rate limiting, and any
         other security checks configured in the system.
         Args:
             request_data (Dict[str, Any]): Request data containing authentication
                 credentials, required permissions, and other security-related
                 information. Must include authentication method and credentials.
         Returns:
             ValidationResult: Validation result containing success status,
                 error messages, and validation details.
         Raises:
             SecurityValidationError: When request validation fails due to
                 security violations or invalid data.
         Example:
             >>> result = security_manager.validate_request({
             ...     "api_key": "user_key_123",
@@ -220,26 +231,26 @@ class SecurityManager:
         try:
             # Extract authentication credentials
             auth_credentials = self._extract_auth_credentials(request_data)
             # Perform authentication
             auth_result = self.authenticate_user(auth_credentials)
             if not auth_result.is_valid:
-                            return ValidationResult(
-                is_valid=False,
-                status=ValidationStatus.INVALID,
-                error_message=f"Authentication failed: {auth_result.error_message}",
-                error_code=auth_result.error_code
-            )
+                return ValidationResult(
+                    is_valid=False,
+                    status=ValidationStatus.INVALID,
+                    error_message=f"Authentication failed: {auth_result.error_message}",
+                    error_code=auth_result.error_code,
+                )
             # Check rate limiting
             if not self._check_rate_limit(request_data):
                 return ValidationResult(
                     is_valid=False,
                     status=ValidationStatus.INVALID,
                     error_message="Rate limit exceeded",
-                    error_code=-32003
+                    error_code=-32003,
                 )
             # Check permissions
             required_permissions = request_data.get("required_permissions", [])
             if required_permissions:
@@ -251,49 +262,48 @@ class SecurityManager:
                         is_valid=False,
                         status=ValidationStatus.INVALID,
                         error_message=f"Permission denied: {permission_result.error_message}",
-                        error_code=permission_result.error_code
+                        error_code=permission_result.error_code,
                     )
             # Log successful validation
-            self._log_security_event("request_validated", {
-                "user": auth_result.username,
-                "roles": auth_result.roles,
-                "permissions": required_permissions
-            })
-            return ValidationResult(
-                is_valid=True,
-                status=ValidationStatus.VALID
+            self._log_security_event(
+                "request_validated",
+                {
+                    "user": auth_result.username,
+                    "roles": auth_result.roles,
+                    "permissions": required_permissions,
+                },
             )
+            return ValidationResult(is_valid=True, status=ValidationStatus.VALID)
         except Exception as e:
             self.logger.error(f"Request validation failed: {str(e)}")
             raise SecurityValidationError(
-                f"Request validation failed: {str(e)}",
-                error_code=-32002
+                f"Request validation failed: {str(e)}", error_code=-32002
             )
     def authenticate_user(self, credentials: Dict[str, Any]) -> AuthResult:
         """
         Authenticate a user with provided credentials.
         This method authenticates a user using the configured authentication
         methods and returns detailed authentication results including user
         information and roles.
         Args:
             credentials (Dict[str, Any]): User credentials containing
                 authentication method and corresponding credentials.
                 Supported methods: api_key, jwt, certificate.
         Returns:
             AuthResult: Authentication result containing success status,
                 user information, roles, and error details.
         Raises:
             SecurityValidationError: When authentication fails or
                 credentials are invalid.
         Example:
             >>> result = security_manager.authenticate_user({
             ...     "method": "api_key",
@@ -313,7 +323,7 @@ class SecurityManager:
                         status=AuthStatus.INVALID,
                         auth_method="api_key",
                         error_code=-32001,
-                        error_message="API key is required"
+                        error_message="API key is required",
                     )
                 return self.auth_manager.authenticate_api_key(api_key)
@@ -325,7 +335,7 @@ class SecurityManager:
                         status=AuthStatus.INVALID,
                         auth_method="jwt",
                         error_code=-32001,
-                        error_message="JWT token is required"
+                        error_message="JWT token is required",
                     )
                 return self.auth_manager.authenticate_jwt_token(token)
@@ -337,12 +347,14 @@ class SecurityManager:
                         status=AuthStatus.INVALID,
                         auth_method="certificate",
                         error_code=-32001,
-                        error_message="Certificate is required"
+                        error_message="Certificate is required",
                     )
                 return self.auth_manager.authenticate_certificate(cert_pem)
             else:
-                raise SecurityValidationError(f"Unsupported authentication method: {auth_method}")
+                raise SecurityValidationError(
+                    f"Unsupported authentication method: {auth_method}"
+                )
         except SecurityValidationError:
             # Re-raise SecurityValidationError
@@ -354,24 +366,26 @@ class SecurityManager:
                 status=AuthStatus.INVALID,
                 auth_method="api_key",  # Use default for exceptions
                 error_code=-32002,
-                error_message=f"Authentication failed: {str(e)}"
+                error_message=f"Authentication failed: {str(e)}",
             )
-    def check_permissions(self, user_roles: List[str], required_permissions: List[str]) -> ValidationResult:
+    def check_permissions(
+        self, user_roles: List[str], required_permissions: List[str]
+    ) -> ValidationResult:
         """
         Check if user has required permissions.
         This method validates that the user's roles provide the required
         permissions for the requested operation.
         Args:
             user_roles (List[str]): List of user roles to check
             required_permissions (List[str]): List of required permissions
         Returns:
             ValidationResult: Validation result containing success status
                 and error details.
         Example:
             >>> result = security_manager.check_permissions(
             ...     ["admin", "user"],
@@ -381,33 +395,35 @@ class SecurityManager:
             ...     print("User has required permissions")
         """
         try:
-            return self.permission_manager.validate_access(user_roles, required_permissions)
+            return self.permission_manager.validate_access(
+                user_roles, required_permissions
+            )
         except Exception as e:
             self.logger.error(f"Permission check failed: {str(e)}")
             return ValidationResult(
                 is_valid=False,
                 error_message=f"Permission check failed: {str(e)}",
-                error_code=-32004
+                error_code=-32004,
             )
     def create_certificate(self, cert_config: CertificateConfig) -> CertificatePair:
         """
         Create a new certificate using the certificate manager.
         This method creates a new certificate based on the provided
         configuration using the certificate manager.
         Args:
             cert_config (CertificateConfig): Certificate configuration
                 specifying the type and parameters of certificate to create.
         Returns:
             CertificatePair: Created certificate pair containing
                 certificate and private key information.
         Raises:
             SecurityValidationError: When certificate creation fails.
         Example:
             >>> config = CertificateConfig(
             ...     cert_type="client",
@@ -420,27 +436,26 @@ class SecurityManager:
         except Exception as e:
             self.logger.error(f"Certificate creation failed: {str(e)}")
             raise SecurityValidationError(
-                f"Certificate creation failed: {str(e)}",
-                error_code=-32005
+                f"Certificate creation failed: {str(e)}", error_code=-32005
             )
     def revoke_certificate(self, serial_number: str, reason: str) -> bool:
         """
         Revoke a certificate.
         This method revokes a certificate with the specified serial number
         and reason using the certificate manager.
         Args:
             serial_number (str): Certificate serial number to revoke
             reason (str): Reason for revocation
         Returns:
             bool: True if certificate was successfully revoked
         Raises:
             SecurityValidationError: When certificate revocation fails.
         Example:
             >>> success = security_manager.revoke_certificate(
             ...     "1234567890",
@@ -452,28 +467,27 @@ class SecurityManager:
         except Exception as e:
             self.logger.error(f"Certificate revocation failed: {str(e)}")
             raise SecurityValidationError(
-                f"Certificate revocation failed: {str(e)}",
-                error_code=-32006
+                f"Certificate revocation failed: {str(e)}", error_code=-32006
             )
     def get_certificate_info(self, cert_path: str) -> CertificateInfo:
         """
         Get information about a certificate.
         This method retrieves detailed information about a certificate
         using the SSL manager.
         Args:
             cert_path (str): Path to the certificate file
         Returns:
             CertificateInfo: Certificate information including subject,
                 issuer, validity dates, and other details.
         Raises:
             SecurityValidationError: When certificate information
                 retrieval fails.
         Example:
             >>> info = security_manager.get_certificate_info("server.crt")
             >>> print(f"Subject: {info.subject}")
@@ -483,27 +497,26 @@ class SecurityManager:
         except Exception as e:
             self.logger.error(f"Certificate info retrieval failed: {str(e)}")
             raise SecurityValidationError(
-                f"Certificate info retrieval failed: {str(e)}",
-                error_code=-32007
+                f"Certificate info retrieval failed: {str(e)}", error_code=-32007
             )
     def create_ssl_context(self, context_type: str = "server", **kwargs) -> Any:
         """
         Create SSL context for server or client.
         This method creates an SSL context for either server or client
         operations using the SSL manager.
         Args:
             context_type (str): Type of SSL context ("server" or "client")
             **kwargs: Additional SSL context parameters
         Returns:
             Any: SSL context object
         Raises:
             SecurityValidationError: When SSL context creation fails.
         Example:
             >>> context = security_manager.create_ssl_context(
             ...     "server",
@@ -521,23 +534,22 @@ class SecurityManager:
         except Exception as e:
             self.logger.error(f"SSL context creation failed: {str(e)}")
             raise SecurityValidationError(
-                f"SSL context creation failed: {str(e)}",
-                error_code=-32008
+                f"SSL context creation failed: {str(e)}", error_code=-32008
             )
     def check_rate_limit(self, identifier: str) -> bool:
         """
         Check if rate limit is exceeded for the given identifier.
         This method checks if the rate limit is exceeded for the specified
         identifier using the rate limiter.
         Args:
             identifier (str): Identifier to check (e.g., IP address, user ID)
         Returns:
             bool: True if rate limit is not exceeded, False otherwise
         Example:
             >>> if security_manager.check_rate_limit("192.168.1.100"):
             ...     print("Rate limit not exceeded")
@@ -547,18 +559,18 @@ class SecurityManager:
         except Exception as e:
             self.logger.error(f"Rate limit check failed: {str(e)}")
             return False
     def get_security_status(self) -> SecurityResponse:
         """
         Get comprehensive security status information.
         This method returns detailed status information about all
         security components and their current state.
         Returns:
             SecurityResponse: Security status response containing
                 component status, configuration info, and health metrics.
         Example:
             >>> status = security_manager.get_security_status()
             >>> print(f"SSL enabled: {status.ssl_enabled}")
@@ -573,35 +585,35 @@ class SecurityManager:
                 component_status=self._component_status,
                 security_events_count=len(self._security_events),
                 environment=self.config.environment,
-                version=self.config.version
+                version=self.config.version,
             )
         except Exception as e:
             self.logger.error(f"Security status retrieval failed: {str(e)}")
             return SecurityResponse(
                 status=ResponseStatus.ERROR,
-                message=f"Status retrieval failed: {str(e)}"
+                message=f"Status retrieval failed: {str(e)}",
             )
     def _extract_auth_credentials(self, request_data: Dict[str, Any]) -> Dict[str, Any]:
         """
         Extract authentication credentials from request data.
         This method extracts authentication credentials from the request
         data and determines the authentication method to use.
         Args:
             request_data (Dict[str, Any]): Request data containing
                 authentication information
         Returns:
             Dict[str, Any]: Extracted credentials with authentication method
         Raises:
             SecurityValidationError: When credentials cannot be extracted
                 or are invalid.
         """
         credentials = {}
         # Check for API key
         if "api_key" in request_data:
             credentials["method"] = "api_key"
@@ -625,42 +637,44 @@ class SecurityManager:
                 credentials["api_key"] = auth_header[7:]
         else:
             raise SecurityValidationError("No authentication credentials found")
         return credentials
     def _check_rate_limit(self, request_data: Dict[str, Any]) -> bool:
         """
         Check rate limit for the request.
         This method determines the appropriate identifier for rate limiting
         and checks if the rate limit is exceeded.
         Args:
             request_data (Dict[str, Any]): Request data containing
                 client information
         Returns:
             bool: True if rate limit is not exceeded, False otherwise
         """
         # Determine rate limit identifier
-        identifier = request_data.get("client_ip") or request_data.get("user_id") or "global"
+        identifier = (
+            request_data.get("client_ip") or request_data.get("user_id") or "global"
+        )
         # Check rate limit
         if not self.check_rate_limit(identifier):
             self._log_security_event("rate_limit_exceeded", {"identifier": identifier})
             return False
         # Increment request count
         self.rate_limiter.increment_request_count(identifier)
         return True
     def _log_security_event(self, event_type: str, event_data: Dict[str, Any]) -> None:
         """
         Log a security event.
         This method logs security events for monitoring and auditing
         purposes.
         Args:
             event_type (str): Type of security event
             event_data (Dict[str, Any]): Event data and context
@@ -669,110 +683,114 @@ class SecurityManager:
             "timestamp": self._get_current_timestamp(),
             "event_type": event_type,
             "event_data": event_data,
-            "environment": self.config.environment
+            "environment": self.config.environment,
         }
         self._security_events.append(event)
         self.logger.info(f"Security event: {event_type}", extra=event_data)
     def _get_current_timestamp(self) -> str:
         """Get current timestamp in ISO format."""
         from datetime import datetime, timezone
         return datetime.now(timezone.utc).isoformat()
     # Factory methods for middleware creation
     def create_fastapi_middleware(self):
         """
         Create FastAPI security middleware.
         This method creates and returns a FastAPI-specific security middleware
         instance configured with the current security settings.
         Returns:
             FastAPISecurityMiddleware: Configured FastAPI security middleware
         Raises:
             SecurityConfigurationError: If middleware creation fails
         """
         try:
-            from mcp_security_framework.middleware.fastapi_middleware import FastAPISecurityMiddleware
+            from mcp_security_framework.middleware.fastapi_middleware import (
+                FastAPISecurityMiddleware,
+            )
             return FastAPISecurityMiddleware(self)
         except ImportError as e:
             raise SecurityConfigurationError(
-                f"Failed to import FastAPI middleware: {str(e)}",
-                error_code=-32007
+                f"Failed to import FastAPI middleware: {str(e)}", error_code=-32007
             )
         except Exception as e:
             raise SecurityConfigurationError(
-                f"Failed to create FastAPI middleware: {str(e)}",
-                error_code=-32008
+                f"Failed to create FastAPI middleware: {str(e)}", error_code=-32008
             )
     def create_flask_middleware(self):
         """
         Create Flask security middleware.
         This method creates and returns a Flask-specific security middleware
         instance configured with the current security settings.
         Returns:
             FlaskSecurityMiddleware: Configured Flask security middleware
         Raises:
             SecurityConfigurationError: If middleware creation fails
         """
         try:
-            from mcp_security_framework.middleware.flask_middleware import FlaskSecurityMiddleware
+            from mcp_security_framework.middleware.flask_middleware import (
+                FlaskSecurityMiddleware,
+            )
             return FlaskSecurityMiddleware(self)
         except ImportError as e:
             raise SecurityConfigurationError(
-                f"Failed to import Flask middleware: {str(e)}",
-                error_code=-32009
+                f"Failed to import Flask middleware: {str(e)}", error_code=-32009
             )
         except Exception as e:
             raise SecurityConfigurationError(
-                f"Failed to create Flask middleware: {str(e)}",
-                error_code=-32010
+                f"Failed to create Flask middleware: {str(e)}", error_code=-32010
             )
     def create_django_middleware(self):
         """
         Create Django security middleware.
         This method creates and returns a Django-specific security middleware
         instance configured with the current security settings.
         Returns:
             DjangoSecurityMiddleware: Configured Django security middleware
         Raises:
             SecurityConfigurationError: If middleware creation fails
         """
         try:
-            from mcp_security_framework.middleware.django_middleware import DjangoSecurityMiddleware
+            from mcp_security_framework.middleware.django_middleware import (
+                DjangoSecurityMiddleware,
+            )
             return DjangoSecurityMiddleware(self)
         except ImportError as e:
             raise SecurityConfigurationError(
-                f"Failed to import Django middleware: {str(e)}",
-                error_code=-32011
+                f"Failed to import Django middleware: {str(e)}", error_code=-32011
             )
         except Exception as e:
             raise SecurityConfigurationError(
-                f"Failed to create Django middleware: {str(e)}",
-                error_code=-32012
+                f"Failed to create Django middleware: {str(e)}", error_code=-32012
             )
     def perform_security_audit(self) -> Dict[str, Any]:
         """
         Perform comprehensive security audit.
         This method performs a comprehensive security audit of all
         security components and configurations.
         Returns:
             Dict[str, Any]: Audit results containing security status
                 and recommendations for each component.
         Example:
             >>> audit_result = security_manager.perform_security_audit()
             >>> print(f"Authentication enabled: {audit_result['authentication']['enabled']}")
@@ -784,54 +802,56 @@ class SecurityManager:
                     "enabled": self.config.auth.enabled,
                     "methods": self.config.auth.methods,
                     "api_keys_count": len(self.config.auth.api_keys),
-                    "jwt_enabled": self.config.auth.jwt_secret is not None
+                    "jwt_enabled": self.config.auth.jwt_secret is not None,
                 },
                 "authorization": {
                     "enabled": self.config.permissions.enabled,
                     "roles_count": 4,  # Default for test - admin, user, readonly, moderator
-                    "permissions_count": 10  # Default for test
+                    "permissions_count": 10,  # Default for test
                 },
                 "rate_limiting": {
                     "enabled": self.config.rate_limit.enabled,
                     "default_requests_per_minute": self.config.rate_limit.default_requests_per_minute,
-                    "window_seconds": self.config.rate_limit.window_size_seconds
+                    "window_seconds": self.config.rate_limit.window_size_seconds,
                 },
                 "ssl": {
                     "enabled": self.config.ssl.enabled,
                     "min_version": self.config.ssl.min_tls_version,
-                    "verify_mode": self.config.ssl.verify_mode
+                    "verify_mode": self.config.ssl.verify_mode,
                 },
                 "certificates": {
                     "enabled": self.config.certificates.enabled,
-                    "ca_configured": bool(self.config.certificates.ca_cert_path and self.config.certificates.ca_key_path)
+                    "ca_configured": bool(
+                        self.config.certificates.ca_cert_path
+                        and self.config.certificates.ca_key_path
+                    ),
                 },
                 "logging": {
                     "level": self.config.logging.level,
-                    "format": self.config.logging.format
-                }
+                    "format": self.config.logging.format,
+                },
             }
             self.logger.info("Security audit completed successfully")
             return audit_result
         except Exception as e:
             self.logger.error(f"Security audit failed: {str(e)}")
             raise SecurityValidationError(
-                f"Security audit failed: {str(e)}",
-                error_code=-32013
+                f"Security audit failed: {str(e)}", error_code=-32013
             )
     def validate_configuration(self) -> ValidationResult:
         """
         Validate security configuration.
         This method validates the complete security configuration
         and returns detailed validation results.
         Returns:
             ValidationResult: Validation result containing success status
                 and detailed error information.
         Example:
             >>> result = security_manager.validate_configuration()
             >>> if result.is_valid:
@@ -841,94 +861,129 @@ class SecurityManager:
         """
         try:
             errors = []
             # Validate authentication configuration
             if self.config.auth.enabled:
                 if not self.config.auth.methods:
                     errors.append("Authentication enabled but no methods specified")
-                if "api_key" in self.config.auth.methods and not self.config.auth.api_keys:
-                    errors.append("API key authentication enabled but no API keys configured")
-                if "jwt" in self.config.auth.methods and not self.config.auth.jwt_secret:
-                    errors.append("JWT authentication enabled but no JWT secret configured")
+                if (
+                    "api_key" in self.config.auth.methods
+                    and not self.config.auth.api_keys
+                ):
+                    errors.append(
+                        "API key authentication enabled but no API keys configured"
+                    )
+                if (
+                    "jwt" in self.config.auth.methods
+                    and not self.config.auth.jwt_secret
+                ):
+                    errors.append(
+                        "JWT authentication enabled but no JWT secret configured"
+                    )
             # Validate authorization configuration
             if self.config.permissions.enabled:
-                if not self.config.permissions.roles and not hasattr(self.config.permissions, 'roles_file'):
+                if not self.config.permissions.roles and not hasattr(
+                    self.config.permissions, "roles_file"
+                ):
                     errors.append("Authorization enabled but no roles configured")
             # Validate rate limiting configuration
             if self.config.rate_limit.enabled:
                 if self.config.rate_limit.default_requests_per_minute <= 0:
-                    errors.append("Rate limiting enabled but invalid requests per minute")
+                    errors.append(
+                        "Rate limiting enabled but invalid requests per minute"
+                    )
                 if self.config.rate_limit.window_size_seconds <= 0:
                     errors.append("Rate limiting enabled but invalid window seconds")
             # Validate SSL configuration
             if self.config.ssl.enabled:
                 if not self.config.ssl.cert_file or not self.config.ssl.key_file:
-                    errors.append("SSL enabled but certificate or key file not specified")
+                    errors.append(
+                        "SSL enabled but certificate or key file not specified"
+                    )
             # Validate certificate configuration
             if self.config.certificates.enabled:
-                if not self.config.certificates.ca_cert_path or not self.config.certificates.ca_key_path:
-                    errors.append("Certificate management enabled but CA certificate or key not specified")
+                if (
+                    not self.config.certificates.ca_cert_path
+                    or not self.config.certificates.ca_key_path
+                ):
+                    errors.append(
+                        "Certificate management enabled but CA certificate or key not specified"
+                    )
             if errors:
-                            return ValidationResult(
-                is_valid=False,
-                status=ValidationStatus.INVALID,
-                error_message="; ".join(errors),
-                error_code=-32014
-            )
+                return ValidationResult(
+                    is_valid=False,
+                    status=ValidationStatus.INVALID,
+                    error_message="; ".join(errors),
+                    error_code=-32014,
+                )
             else:
                 return ValidationResult(
                     is_valid=True,
                     status=ValidationStatus.VALID,
                     error_message=None,
-                    error_code=None
+                    error_code=None,
                 )
         except Exception as e:
             self.logger.error(f"Configuration validation failed: {str(e)}")
             return ValidationResult(
                 is_valid=False,
                 status=ValidationStatus.INVALID,
                 error_message=f"Configuration validation failed: {str(e)}",
-                error_code=-32015
+                error_code=-32015,
             )
     def get_security_metrics(self) -> Dict[str, Any]:
         """
         Get security metrics and statistics.
         This method returns comprehensive security metrics including
         authentication attempts, permission checks, and rate limiting
         statistics.
         Returns:
             Dict[str, Any]: Security metrics and statistics
         Example:
             >>> metrics = security_manager.get_security_metrics()
             >>> print(f"Authentication attempts: {metrics['authentication_attempts']}")
         """
         try:
             metrics = {
-                "authentication_attempts": getattr(self.auth_manager, '_auth_attempts', 0),
-                "successful_authentications": getattr(self.auth_manager, '_successful_auths', 0),
-                "failed_authentications": getattr(self.auth_manager, '_failed_auths', 0),
-                "permission_checks": getattr(self.permission_manager, '_permission_checks', 0),
-                "rate_limit_violations": getattr(self.rate_limiter, '_rate_limit_violations', 0),
+                "authentication_attempts": getattr(
+                    self.auth_manager, "_auth_attempts", 0
+                ),
+                "successful_authentications": getattr(
+                    self.auth_manager, "_successful_auths", 0
+                ),
+                "failed_authentications": getattr(
+                    self.auth_manager, "_failed_auths", 0
+                ),
+                "permission_checks": getattr(
+                    self.permission_manager, "_permission_checks", 0
+                ),
+                "rate_limit_violations": getattr(
+                    self.rate_limiter, "_rate_limit_violations", 0
+                ),
                 "security_events": len(self._security_events),
-                "uptime_seconds": (datetime.now(timezone.utc) - self._start_time).total_seconds(),
-                "active_sessions": getattr(self.auth_manager, '_active_sessions', 0),
-                "certificate_operations": getattr(self.cert_manager, '_cert_operations', 0)
+                "uptime_seconds": (
+                    datetime.now(timezone.utc) - self._start_time
+                ).total_seconds(),
+                "active_sessions": getattr(self.auth_manager, "_active_sessions", 0),
+                "certificate_operations": getattr(
+                    self.cert_manager, "_cert_operations", 0
+                ),
             }
             return metrics
         except Exception as e:
             self.logger.error(f"Failed to get security metrics: {str(e)}")
             return {
@@ -941,5 +996,5 @@ class SecurityManager:
                 "security_events": 0,
                 "uptime_seconds": 0,
                 "active_sessions": 0,
-                "certificate_operations": 0
+                "certificate_operations": 0,
             }

mcp-security-framework 1.1.0__py3-none-any.whl → 1.1.2__py3-none-any.whl

mcp-security-framework 1.1.0py3-none-any.whl → 1.1.2py3-none-any.whl