mcp-security-framework 1.2.1__py3-none-any.whl → 1.2.2__py3-none-any.whl

mcp_security_framework/__init__.py

@@ -71,7 +71,7 @@ from mcp_security_framework.schemas.responses import (
 )
 
 # Version information
-__version__ = "1.2.1"
+__version__ = "1.2.2"
 __author__ = "Vasiliy Zdanovskiy"
 __email__ = "vasilyvz@gmail.com"
 __license__ = "MIT"

mcp_security_framework/schemas/config.py

@@ -247,8 +247,12 @@ class CertificateConfig(BaseModel):
     This model defines certificate management configuration settings
     including CA settings, certificate storage, and validation options.
 
+    BUGFIX: Added ca_creation_mode to allow CA certificate creation
+    without requiring existing CA paths.
+
     Attributes:
         enabled: Whether certificate management is enabled
+        ca_creation_mode: Whether we are in CA creation mode (bypasses CA path validation)
         ca_cert_path: Path to CA certificate
         ca_key_path: Path to CA private key
         cert_storage_path: Path for certificate storage
@@ -266,6 +270,9 @@ class CertificateConfig(BaseModel):
     enabled: bool = Field(
         default=False, description="Whether certificate management is enabled"
     )
+    ca_creation_mode: bool = Field(
+        default=False, description="Whether we are in CA creation mode (bypasses CA path validation)"
+    )
     ca_cert_path: Optional[str] = Field(
         default=None, description="Path to CA certificate"
     )
@@ -317,10 +324,13 @@ class CertificateConfig(BaseModel):
     def validate_certificate_configuration(self):
         """Validate certificate configuration consistency."""
         if self.enabled:
-            if not self.ca_cert_path or not self.ca_key_path:
-                raise ValueError(
-                    "Certificate management enabled but CA certificate and key paths are required"
-                )
+            # BUGFIX: Only require CA paths if not in CA creation mode
+            if not self.ca_creation_mode:
+                if not self.ca_cert_path or not self.ca_key_path:
+                    raise ValueError(
+                        "Certificate management enabled but CA certificate and key paths are required. "
+                        "Set ca_creation_mode=True if you are creating a CA certificate."
+                    )
 
         if self.crl_enabled and not self.crl_path:
             raise ValueError("CRL enabled but CRL path is required")

{mcp_security_framework-1.2.1.dist-info → mcp_security_framework-1.2.2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mcp-security-framework
-Version: 1.2.1
+Version: 1.2.2
 Summary: Universal security framework for microservices with SSL/TLS, authentication, authorization, and rate limiting. Requires cryptography>=42.0.0 for certificate operations.
 Author-email: Vasiliy Zdanovskiy <vasilyvz@gmail.com>
 Maintainer-email: Vasiliy Zdanovskiy <vasilyvz@gmail.com>

{mcp_security_framework-1.2.1.dist-info → mcp_security_framework-1.2.2.dist-info}/RECORD

@@ -1,4 +1,4 @@
-mcp_security_framework/__init__.py,sha256=wRlT28hRsnSZCUVNGtU-KggRk66KzSQl4agKOxE5ZCA,3172
+mcp_security_framework/__init__.py,sha256=C9V1poQA2xvUsTjT2DulR-ePlspAJ1ouYFLZ-GgfsuE,3172
 mcp_security_framework/constants.py,sha256=k7NMSrgc83Cci8aoilybQxdC7jir7J-mVFE_EpqVrDk,5307
 mcp_security_framework/cli/__init__.py,sha256=plpWdiWMp2dcLvUuGwXynRg5CDjz8YKnNTBn7lcta08,369
 mcp_security_framework/cli/cert_cli.py,sha256=LdZ3SYKM3e3dP5LsVR5Y0OENtlG0ENu64aHefHjuiN8,23818
@@ -29,7 +29,7 @@ mcp_security_framework/middleware/mtls_middleware.py,sha256=WSyWIk1fCN96hkofODKj
 mcp_security_framework/middleware/rate_limit_middleware.py,sha256=deCwwigI0Pt7pBUnk2jDurI9ZyjujWTsexEWWndXm3g,13177
 mcp_security_framework/middleware/security_middleware.py,sha256=PQ251Fr2UrYVPgGfhXq6QJyqK2tRk0WCIg9_FBvfVkg,16844
 mcp_security_framework/schemas/__init__.py,sha256=lefkbRlbj2ICfasSj51MQ04o3z1YycnbnknSJCFfXbU,2590
-mcp_security_framework/schemas/config.py,sha256=SUUrpOz9ZTIhZG9Fu2Gsz86yxoGbUt00Qk-Qk_GaTus,26819
+mcp_security_framework/schemas/config.py,sha256=I2bBypkNkE3d8Zv5IPeduggFUfIUA5Pyi56NmT1a_5g,27385
 mcp_security_framework/schemas/models.py,sha256=Izjy3I55zjMVLsVZpXZ0M4aK3SCks9sC2U1cbxrXYeI,28439
 mcp_security_framework/schemas/responses.py,sha256=nVXaqF5GTSprXTa_wiUEu38nvSw9WAXtKViAJNbO-Xg,23206
 mcp_security_framework/tests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -68,7 +68,7 @@ tests/test_middleware/test_flask_auth_middleware.py,sha256=NA74wnBq7AR-YsUqlibMS
 tests/test_middleware/test_flask_middleware.py,sha256=JqWr5MknE6AvnUUf2Cr0ME6l_wSbze0BqbEIQO8B5qs,22731
 tests/test_middleware/test_security_middleware.py,sha256=J69rVgsnohQp2ucUnGRyWCWZxt6RF2tQ9vQNLFlDXEg,19199
 tests/test_schemas/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-tests/test_schemas/test_config.py,sha256=Bp_yZ_HBIl7jcR7Wb1S9iCB0tCu_Ov26YKHTulDs1RU,29430
+tests/test_schemas/test_config.py,sha256=m0TKYPXKC2QdkVmUc7UPEF3yOANL5Ee1v93DZswSMvk,31347
 tests/test_schemas/test_models.py,sha256=bBeZOPqveuVJuEi_BTVWdVsdj08JXJTEFwvBM4eFRVU,34311
 tests/test_schemas/test_responses.py,sha256=ZSbO7A3ThPBovTXO8PFF-2ONWAjJx2dMOoV2lQIfd8s,40774
 tests/test_schemas/test_serialization.py,sha256=jCugAyrdD6Mw1U7Kxni9oTukarZmMMl6KUcl6cq_NTk,18599
@@ -78,8 +78,8 @@ tests/test_utils/test_crypto_utils.py,sha256=yEb4hzG6-irj2DPoXY0DUboJfbeR87ussgT
 tests/test_utils/test_datetime_compat.py,sha256=n8S4X5HN-_ejSNpgymDXRyZkmxhnyxwwjxFPdX23I40,5656
 tests/test_utils/test_unitid_compat.py,sha256=MWh03A4FwzQyZa20PKHEWz4W03YtARwBOd_1JbABznQ,25544
 tests/test_utils/test_validation_utils.py,sha256=lus_wHJ2WyVnBGQ28S7dSv78uWcCIuLhn5uflJw-uGw,18569
-mcp_security_framework-1.2.1.dist-info/METADATA,sha256=3HiQhhOc1aqdstjAhfUnT2gRmxg61pYutP_lVkn6cxw,11771
-mcp_security_framework-1.2.1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-mcp_security_framework-1.2.1.dist-info/entry_points.txt,sha256=qBh92fVDmd1m2f3xeW0hTu3Ksg8QfGJyV8UEkdA2itg,142
-mcp_security_framework-1.2.1.dist-info/top_level.txt,sha256=ifUiGrTDcD574MXSOoAN2rp2wpUvWlb4jD9LTUgDWCA,29
-mcp_security_framework-1.2.1.dist-info/RECORD,,
+mcp_security_framework-1.2.2.dist-info/METADATA,sha256=JSoJc0AxNbssfj8K6IyR-JCfySC8L9pmys2d7PnLj9o,11771
+mcp_security_framework-1.2.2.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+mcp_security_framework-1.2.2.dist-info/entry_points.txt,sha256=qBh92fVDmd1m2f3xeW0hTu3Ksg8QfGJyV8UEkdA2itg,142
+mcp_security_framework-1.2.2.dist-info/top_level.txt,sha256=ifUiGrTDcD574MXSOoAN2rp2wpUvWlb4jD9LTUgDWCA,29
+mcp_security_framework-1.2.2.dist-info/RECORD,,

tests/test_schemas/test_config.py

@@ -195,6 +195,7 @@ class TestCertificateConfig:
         config = CertificateConfig()
 
         assert config.enabled is False
+        assert config.ca_creation_mode is False
         assert config.ca_cert_path is None
         assert config.ca_key_path is None
         assert config.cert_storage_path == "./certs"
@@ -217,6 +218,7 @@ class TestCertificateConfig:
             "Certificate management enabled but CA certificate and key paths are required"
             in str(exc_info.value)
         )
+        assert "ca_creation_mode=True" in str(exc_info.value)
 
     def test_certificate_config_crl_enabled_without_path(self):
         """Test CertificateConfig validation when CRL enabled without path."""
@@ -272,6 +274,54 @@ class TestCertificateConfig:
         with pytest.raises(ValidationError):
             CertificateConfig(default_validity_days=3651)
 
+    def test_certificate_config_ca_creation_mode(self):
+        """Test CertificateConfig with CA creation mode enabled."""
+        config = CertificateConfig(
+            enabled=True,
+            ca_creation_mode=True,
+            cert_storage_path="./certs",
+            key_storage_path="./keys"
+        )
+
+        assert config.enabled is True
+        assert config.ca_creation_mode is True
+        assert config.ca_cert_path is None
+        assert config.ca_key_path is None
+        assert config.cert_storage_path == "./certs"
+        assert config.key_storage_path == "./keys"
+
+    def test_certificate_config_ca_creation_mode_with_ca_paths(self):
+        """Test CertificateConfig with CA creation mode and CA paths (should work)."""
+        config = CertificateConfig(
+            enabled=True,
+            ca_creation_mode=True,
+            ca_cert_path="./certs/ca.crt",
+            ca_key_path="./keys/ca.key",
+            cert_storage_path="./certs",
+            key_storage_path="./keys"
+        )
+
+        assert config.enabled is True
+        assert config.ca_creation_mode is True
+        assert config.ca_cert_path == "./certs/ca.crt"
+        assert config.ca_key_path == "./keys/ca.key"
+
+    def test_certificate_config_normal_mode_with_ca_paths(self):
+        """Test CertificateConfig in normal mode with CA paths."""
+        config = CertificateConfig(
+            enabled=True,
+            ca_creation_mode=False,
+            ca_cert_path="./certs/ca.crt",
+            ca_key_path="./keys/ca.key",
+            cert_storage_path="./certs",
+            key_storage_path="./keys"
+        )
+
+        assert config.enabled is True
+        assert config.ca_creation_mode is False
+        assert config.ca_cert_path == "./certs/ca.crt"
+        assert config.ca_key_path == "./keys/ca.key"
+
 
 class TestPermissionConfig:
     """Test suite for PermissionConfig class."""