PyPI - mcp-security-framework - Versions diffs - 1.1.2__py3-none-any.whl → 1.2.1__py3-none-any.whl - Mend

mcp-security-framework 1.1.2py3-none-any.whl → 1.2.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

{mcp_security_framework-1.1.2.dist-info → mcp_security_framework-1.2.1.dist-info}/RECORD RENAMED Viewed

@@ -1,15 +1,15 @@
-mcp_security_framework/__init__.py,sha256=TM8y71Navd_6woEab2cO07MefRsL0tRBItEYfVO7DS8,3172
+mcp_security_framework/__init__.py,sha256=wRlT28hRsnSZCUVNGtU-KggRk66KzSQl4agKOxE5ZCA,3172
 mcp_security_framework/constants.py,sha256=k7NMSrgc83Cci8aoilybQxdC7jir7J-mVFE_EpqVrDk,5307
 mcp_security_framework/cli/__init__.py,sha256=plpWdiWMp2dcLvUuGwXynRg5CDjz8YKnNTBn7lcta08,369
-mcp_security_framework/cli/cert_cli.py,sha256=ME8RgTBrjNvOAMPVnXGLr3cbTpOZ2NN4Ei1SouGRPQs,18297
+mcp_security_framework/cli/cert_cli.py,sha256=LdZ3SYKM3e3dP5LsVR5Y0OENtlG0ENu64aHefHjuiN8,23818
 mcp_security_framework/cli/security_cli.py,sha256=Thine_Zzfesz7j29y2k_XZFYUK5YSrhCc6w2FilgEiE,28486
 mcp_security_framework/core/__init__.py,sha256=LiX8_M5qWiTXccJFjSLxup9emhklp-poq57SvznsKEg,1729
-mcp_security_framework/core/auth_manager.py,sha256=vCa6YBlz7P_vmif-KGWrCCUE54bHO5F3jN-bDJF2o9Y,38909
-mcp_security_framework/core/cert_manager.py,sha256=s625nyMsmrglT7QaqRZtX4oAJVKla5zu0sptHmXJnh4,78750
+mcp_security_framework/core/auth_manager.py,sha256=GqGAW83Qg1_z2HJ0-FEVTmlli_DBSOPOap2jJMEU1_k,39882
+mcp_security_framework/core/cert_manager.py,sha256=RJgZxElPgMV15Lj_N2uCyO7Ofb9z-MclM1hf8wzFwSc,88882
 mcp_security_framework/core/permission_manager.py,sha256=SADS_oXpwp9MhXHKJMCsvjEq8KWcz7vPYL05Yr-zfio,26478
 mcp_security_framework/core/rate_limiter.py,sha256=6qjVBxK2YHouSxQuCcbr0PBpRqA5toQss_Ce178RElY,20682
 mcp_security_framework/core/security_manager.py,sha256=mAF-5znqxin-MSSgXISB7t1kTkqHltEqGzzmlLAhRGs,37766
-mcp_security_framework/core/ssl_manager.py,sha256=nCDrukaELONQs_uAfb30g69HDxRp2u4k0Bpq8eJH6Zo,27718
+mcp_security_framework/core/ssl_manager.py,sha256=SXuN5PMTAnMNz04CEKzHbxRKjzF-VqvS-QCFhV-wFeo,29133
 mcp_security_framework/examples/__init__.py,sha256=nfYPVvIQ5wHuDkQvyCYDd1VjCsZMw9HnvjeUORqKyuQ,1915
 mcp_security_framework/examples/comprehensive_example.py,sha256=6CXkqLFjWIQ2rRMYPnDrBdBuWFKbeu2gd2GI_SFVjds,35421
 mcp_security_framework/examples/django_example.py,sha256=IHk-aHsah-cEHjvsngUx91lup1aRC8W9XHzK6jfOMdA,24628
@@ -25,16 +25,16 @@ mcp_security_framework/middleware/fastapi_auth_middleware.py,sha256=LWVEn90I1XpV
 mcp_security_framework/middleware/fastapi_middleware.py,sha256=Ye0qJsEMwgeUqVJpqXgbjJJbbf-ZU-6SysMQPmQba-s,26658
 mcp_security_framework/middleware/flask_auth_middleware.py,sha256=ubBlKO0ponOV_KuxkUK4xGcSoslXTaikrdsIZQtGeV0,20228
 mcp_security_framework/middleware/flask_middleware.py,sha256=Ag0zYDKwlvU78LBQ-7Za14IYOAlEVZaXJPD0Qc4MUvA,20666
-mcp_security_framework/middleware/mtls_middleware.py,sha256=iCOX3PVro49GMlTSUtYQFaWLrqtqoWPgI5DEa6Cnst4,13881
+mcp_security_framework/middleware/mtls_middleware.py,sha256=WSyWIk1fCN96hkofODKj_kzLG0d7A0NmDnTr3HHZ5xw,14213
 mcp_security_framework/middleware/rate_limit_middleware.py,sha256=deCwwigI0Pt7pBUnk2jDurI9ZyjujWTsexEWWndXm3g,13177
 mcp_security_framework/middleware/security_middleware.py,sha256=PQ251Fr2UrYVPgGfhXq6QJyqK2tRk0WCIg9_FBvfVkg,16844
 mcp_security_framework/schemas/__init__.py,sha256=lefkbRlbj2ICfasSj51MQ04o3z1YycnbnknSJCFfXbU,2590
-mcp_security_framework/schemas/config.py,sha256=kpJJBupR4ZpQyouZyxiZqm7U7AHfLoGncuRltpo_QEM,25825
-mcp_security_framework/schemas/models.py,sha256=n-Ug8O1cpMeA0mIdOd9h1i3kkBZOJsCQMxj3IcNpBFY,26957
+mcp_security_framework/schemas/config.py,sha256=SUUrpOz9ZTIhZG9Fu2Gsz86yxoGbUt00Qk-Qk_GaTus,26819
+mcp_security_framework/schemas/models.py,sha256=Izjy3I55zjMVLsVZpXZ0M4aK3SCks9sC2U1cbxrXYeI,28439
 mcp_security_framework/schemas/responses.py,sha256=nVXaqF5GTSprXTa_wiUEu38nvSw9WAXtKViAJNbO-Xg,23206
 mcp_security_framework/tests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 mcp_security_framework/utils/__init__.py,sha256=wwwdmQYHTSz0Puvs9FD6aIKmWp3NFARe3JPWNH-b_wk,3098
-mcp_security_framework/utils/cert_utils.py,sha256=DNzCqFKbFgYvQxxUUJPgeWe1XCnM4DpUBDqQYRYtlOQ,17266
+mcp_security_framework/utils/cert_utils.py,sha256=4AHNrfL0Oqp354aEq5H2_0XLT7v3mNOnTVDV-DLaJyI,27585
 mcp_security_framework/utils/crypto_utils.py,sha256=OH2V7_C3FjStxFTIXMUPfNXZuWG2-QjgoBrIH4Lv4p0,12392
 mcp_security_framework/utils/datetime_compat.py,sha256=ool-xs-EevhuYygdzhiAenLAacLuZwGwjPkF43i-9gg,3859
 mcp_security_framework/utils/validation_utils.py,sha256=e9BX3kw9gdXSmFsc7lmG-qnzSlK0-Ynn7Xs4uKHquF4,16279
@@ -44,7 +44,7 @@ tests/test_cli/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tests/test_cli/test_cert_cli.py,sha256=Rm7z-20VAvnmYKY3sgxS-qVNks1vbniQJSpSxjsx_wo,14677
 tests/test_cli/test_security_cli.py,sha256=Bpd31IPJSUl_V1Xzy74ZCOvQpwlbj8Da83C46T8Jewg,25569
 tests/test_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-tests/test_core/test_auth_manager.py,sha256=tyJUe3yBP95SFwbhSr_IloKhEQw0BuEdvjAC1Hnwu4s,22540
+tests/test_core/test_auth_manager.py,sha256=7Z2DLfJLqKtiwX5Q-lR85hN6NxHbE2Q_FT7IsoyKPQk,22568
 tests/test_core/test_cert_manager.py,sha256=4YMAkRedkAZW3PEZYEbo1PyrzMntUrKfl7arPsHXDCE,36356
 tests/test_core/test_permission_manager.py,sha256=0XeghWXZqVpKyyRuhuDu1dkLUSwuZaFWkRQxQhkkFVI,14966
 tests/test_core/test_rate_limiter.py,sha256=YzzlhlxZm-A7YGMiIV8LXDA0zmb_6uRF9GRx9s21Q0U,22544
@@ -73,12 +73,13 @@ tests/test_schemas/test_models.py,sha256=bBeZOPqveuVJuEi_BTVWdVsdj08JXJTEFwvBM4e
 tests/test_schemas/test_responses.py,sha256=ZSbO7A3ThPBovTXO8PFF-2ONWAjJx2dMOoV2lQIfd8s,40774
 tests/test_schemas/test_serialization.py,sha256=jCugAyrdD6Mw1U7Kxni9oTukarZmMMl6KUcl6cq_NTk,18599
 tests/test_utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-tests/test_utils/test_cert_utils.py,sha256=2k1kUCJy0T2HPBwOcU5USGfEBQZ_rGzumAGkDdywLak,21232
+tests/test_utils/test_cert_utils.py,sha256=yZGHPuJcjgSHFeT7gnMdsw6UYXmlGUiuHkErukOm8II,28238
 tests/test_utils/test_crypto_utils.py,sha256=yEb4hzG6-irj2DPoXY0DUboJfbeR87ussgTuBpxLGz4,20737
 tests/test_utils/test_datetime_compat.py,sha256=n8S4X5HN-_ejSNpgymDXRyZkmxhnyxwwjxFPdX23I40,5656
+tests/test_utils/test_unitid_compat.py,sha256=MWh03A4FwzQyZa20PKHEWz4W03YtARwBOd_1JbABznQ,25544
 tests/test_utils/test_validation_utils.py,sha256=lus_wHJ2WyVnBGQ28S7dSv78uWcCIuLhn5uflJw-uGw,18569
-mcp_security_framework-1.1.2.dist-info/METADATA,sha256=xuXJme6tsfv0HEsky6X-Nd-S7sULfScqr9y6aU6w-ZM,11771
-mcp_security_framework-1.1.2.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-mcp_security_framework-1.1.2.dist-info/entry_points.txt,sha256=qBh92fVDmd1m2f3xeW0hTu3Ksg8QfGJyV8UEkdA2itg,142
-mcp_security_framework-1.1.2.dist-info/top_level.txt,sha256=ifUiGrTDcD574MXSOoAN2rp2wpUvWlb4jD9LTUgDWCA,29
-mcp_security_framework-1.1.2.dist-info/RECORD,,
+mcp_security_framework-1.2.1.dist-info/METADATA,sha256=3HiQhhOc1aqdstjAhfUnT2gRmxg61pYutP_lVkn6cxw,11771
+mcp_security_framework-1.2.1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+mcp_security_framework-1.2.1.dist-info/entry_points.txt,sha256=qBh92fVDmd1m2f3xeW0hTu3Ksg8QfGJyV8UEkdA2itg,142
+mcp_security_framework-1.2.1.dist-info/top_level.txt,sha256=ifUiGrTDcD574MXSOoAN2rp2wpUvWlb4jD9LTUgDWCA,29
+mcp_security_framework-1.2.1.dist-info/RECORD,,

tests/test_core/test_auth_manager.py CHANGED Viewed

@@ -46,7 +46,7 @@ class TestAuthManager:
         # Create test configuration
         self.auth_config = AuthConfig(
-            api_keys={"test_api_key_123": "test_user"},
+            api_keys={"test_user": "test_api_key_123"},
             jwt_secret="test_jwt_secret_key_32_chars_long",
             jwt_expiry_hours=1,
             ca_cert_file=None,
@@ -65,7 +65,7 @@ class TestAuthManager:
         """Test successful AuthManager initialization."""
         assert self.auth_manager.config == self.auth_config
         assert self.auth_manager.permission_manager == self.mock_permission_manager
-        assert self.auth_manager._api_keys == {"test_user": "test_api_key_123"}
+        assert self.auth_manager._api_keys == {"test_api_key_123": "test_user"}
         assert self.auth_manager._jwt_secret == "test_jwt_secret_key_32_chars_long"
         assert isinstance(self.auth_manager._token_cache, dict)
         assert isinstance(self.auth_manager._session_store, dict)
@@ -429,8 +429,8 @@ class TestAuthManager:
         success = self.auth_manager.add_api_key("new_user", "new_api_key_456789")
         assert success is True
-        assert "new_user" in self.auth_manager._api_keys
-        assert self.auth_manager._api_keys["new_user"] == "new_api_key_456789"
+        assert "new_api_key_456789" in self.auth_manager._api_keys
+        assert self.auth_manager._api_keys["new_api_key_456789"] == "new_user"
     def test_add_api_key_invalid_input(self):
         """Test API key addition with invalid input."""
@@ -456,12 +456,12 @@ class TestAuthManager:
         """Test successful API key removal."""
         # Add a key first
         self.auth_manager.add_api_key("temp_user", "temp_key_123456789")
-        assert "temp_user" in self.auth_manager._api_keys
+        assert "temp_key_123456789" in self.auth_manager._api_keys
         # Remove the key
         success = self.auth_manager.remove_api_key("temp_user")
         assert success is True
-        assert "temp_user" not in self.auth_manager._api_keys
+        assert "temp_key_123456789" not in self.auth_manager._api_keys
     def test_remove_api_key_not_found(self):
         """Test API key removal for non-existent user."""

tests/test_utils/test_cert_utils.py CHANGED Viewed

@@ -32,8 +32,13 @@ from mcp_security_framework.utils.cert_utils import (
     extract_roles_from_certificate,
     get_certificate_expiry,
     get_certificate_serial_number,
+    get_crl_info,
+    is_certificate_revoked,
     is_certificate_self_signed,
+    is_crl_valid,
     parse_certificate,
+    parse_crl,
+    validate_certificate_against_crl,
     validate_certificate_chain,
     validate_certificate_format,
     validate_certificate_purpose,
@@ -508,3 +513,166 @@ class TestCertificateFormatConversion:
             extract_public_key("invalid_cert_data")
         assert "Public key extraction failed" in str(exc_info.value)
+class TestCRLFunctionality:
+    """Test suite for CRL (Certificate Revocation List) functionality."""
+    @staticmethod
+    def create_test_crl():
+        """Create a test CRL for testing."""
+        # Generate private key for CRL issuer
+        private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
+        # Create issuer name
+        issuer = x509.Name([
+            x509.NameAttribute(NameOID.COMMON_NAME, "Test CA"),
+            x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Test Organization"),
+            x509.NameAttribute(NameOID.COUNTRY_NAME, "US"),
+        ])
+        # Create CRL
+        now = datetime.now(timezone.utc)
+        crl = x509.CertificateRevocationListBuilder().issuer_name(
+            issuer
+        ).last_update(
+            now
+        ).next_update(
+            now + timedelta(days=30)
+        ).add_extension(
+            x509.CRLNumber(1),
+            critical=False,
+        ).sign(private_key, hashes.SHA256())
+        return crl, private_key
+    def test_parse_crl_success(self):
+        """Test successful CRL parsing."""
+        crl, _ = self.create_test_crl()
+        crl_pem = crl.public_bytes(serialization.Encoding.PEM).decode('utf-8')
+        parsed_crl = parse_crl(crl_pem)
+        assert parsed_crl is not None
+        assert isinstance(parsed_crl, x509.CertificateRevocationList)
+        assert "Test CA" in str(parsed_crl.issuer)
+    def test_parse_crl_invalid_data(self):
+        """Test CRL parsing with invalid data."""
+        with pytest.raises(CertificateError) as exc_info:
+            parse_crl("invalid_crl_data")
+        assert "CRL parsing failed" in str(exc_info.value)
+    def test_is_certificate_revoked_not_revoked(self):
+        """Test certificate revocation check when certificate is not revoked."""
+        # Create test certificate and CRL
+        cert, _ = TestCertificateCreation.create_test_certificate()
+        cert_pem = cert.public_bytes(serialization.Encoding.PEM).decode('utf-8')
+        crl, _ = self.create_test_crl()
+        crl_pem = crl.public_bytes(serialization.Encoding.PEM).decode('utf-8')
+        # Certificate should not be revoked since it's not in the CRL
+        is_revoked = is_certificate_revoked(cert_pem, crl_pem)
+        assert is_revoked is False
+    def test_is_certificate_revoked_invalid_cert(self):
+        """Test certificate revocation check with invalid certificate."""
+        crl, _ = self.create_test_crl()
+        crl_pem = crl.public_bytes(serialization.Encoding.PEM).decode('utf-8')
+        with pytest.raises(CertificateError) as exc_info:
+            is_certificate_revoked("invalid_cert", crl_pem)
+        assert "Certificate revocation check failed" in str(exc_info.value)
+    def test_validate_certificate_against_crl_not_revoked(self):
+        """Test certificate validation against CRL when not revoked."""
+        # Create test certificate and CRL
+        cert, _ = TestCertificateCreation.create_test_certificate()
+        cert_pem = cert.public_bytes(serialization.Encoding.PEM).decode('utf-8')
+        crl, _ = self.create_test_crl()
+        crl_pem = crl.public_bytes(serialization.Encoding.PEM).decode('utf-8')
+        result = validate_certificate_against_crl(cert_pem, crl_pem)
+        assert result["is_revoked"] is False
+        assert "serial_number" in result
+        assert "crl_issuer" in result
+        assert "crl_last_update" in result
+        assert "crl_next_update" in result
+    def test_validate_certificate_against_crl_invalid_data(self):
+        """Test certificate validation against CRL with invalid data."""
+        with pytest.raises(CertificateError) as exc_info:
+            validate_certificate_against_crl("invalid_cert", "invalid_crl")
+        assert "Certificate CRL validation failed" in str(exc_info.value)
+    def test_is_crl_valid_success(self):
+        """Test CRL validation success."""
+        crl, _ = self.create_test_crl()
+        crl_pem = crl.public_bytes(serialization.Encoding.PEM).decode('utf-8')
+        is_valid = is_crl_valid(crl_pem)
+        assert is_valid is True
+    def test_is_crl_valid_invalid_data(self):
+        """Test CRL validation with invalid data."""
+        with pytest.raises(CertificateError) as exc_info:
+            is_crl_valid("invalid_crl_data")
+        assert "CRL validation failed" in str(exc_info.value)
+    def test_get_crl_info_success(self):
+        """Test CRL information extraction success."""
+        crl, _ = self.create_test_crl()
+        crl_pem = crl.public_bytes(serialization.Encoding.PEM).decode('utf-8')
+        info = get_crl_info(crl_pem)
+        assert "issuer" in info
+        assert "last_update" in info
+        assert "next_update" in info
+        assert "revoked_certificates_count" in info
+        assert "status" in info
+        assert "version" in info
+        assert "signature_algorithm" in info
+        assert "signature" in info
+        assert info["revoked_certificates_count"] == 0
+        assert info["status"] == "valid"
+    def test_get_crl_info_invalid_data(self):
+        """Test CRL information extraction with invalid data."""
+        with pytest.raises(CertificateError) as exc_info:
+            get_crl_info("invalid_crl_data")
+        assert "CRL information extraction failed" in str(exc_info.value)
+    def test_validate_certificate_chain_with_crl(self):
+        """Test certificate chain validation with CRL."""
+        # Create test certificate and CA certificate
+        cert, _ = TestCertificateCreation.create_test_certificate()
+        cert_pem = cert.public_bytes(serialization.Encoding.PEM).decode('utf-8')
+        ca_cert, _ = TestCertificateCreation.create_test_certificate()
+        ca_cert_pem = ca_cert.public_bytes(serialization.Encoding.PEM).decode('utf-8')
+        # Create test CRL
+        crl, _ = self.create_test_crl()
+        crl_pem = crl.public_bytes(serialization.Encoding.PEM).decode('utf-8')
+        # Test validation with CRL (should pass since certificate is not revoked)
+        is_valid = validate_certificate_chain(cert_pem, ca_cert_pem, crl_pem)
+        assert is_valid is True
+    def test_validate_certificate_chain_without_crl(self):
+        """Test certificate chain validation without CRL."""
+        # Create test certificate and CA certificate
+        cert, _ = TestCertificateCreation.create_test_certificate()
+        cert_pem = cert.public_bytes(serialization.Encoding.PEM).decode('utf-8')
+        ca_cert, _ = TestCertificateCreation.create_test_certificate()
+        ca_cert_pem = ca_cert.public_bytes(serialization.Encoding.PEM).decode('utf-8')
+        # Test validation without CRL
+        is_valid = validate_certificate_chain(cert_pem, ca_cert_pem)
+        assert is_valid is True

mcp-security-framework 1.1.2__py3-none-any.whl → 1.2.1__py3-none-any.whl

mcp-security-framework 1.1.2py3-none-any.whl → 1.2.1py3-none-any.whl