yeepay_yop_download_cert

Download CFCA certificates using algorithm, serial number, authorization code, key pairs, and password, then save both private (.pfx) and public (.cer) certificates to local paths.

Instructions

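Downloads the certificate identified by the key algorithm, the CFCA certificate serial number, the authorization code, the asymmetric key pair (public and private key) and the password, and saves it to a local path.

Args:
    algorithm: key algorithm, either "RSA" or "SM2"; defaults to "RSA"
    serial_no: CFCA certificate serial number
    auth_code: CFCA certificate authorization code
    private_key: Base64-encoded private key string
    public_key: Base64-encoded public key string
    pwd: password, 12 to 16 characters long

Returns:
    A Dict containing:
    - message: response message
    - pfxCert: path of the private-key certificate (.pfx)
    - pubCert: path of the public-key certificate (.cer)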

Input Schema

Name | Required | Description | Default
algorithm | No | | RSA
serial_no | No | |
auth_code | No | |
private_key | No | |
public_key | No | |
pwd | No | |

Output Schema

Name | Required | Description | Default
result | Yes | |

Implementation Reference

  • Handler function for the MCP tool 'yeepay_yop_download_cert'. Decorated with @mcp.tool() for registration. Defines input parameters with type hints and detailed docstring serving as schema. Delegates core logic to download_cert helper.
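    from typing import Any, Dict

    def yeepay_yop_download_cert(  # pylint: disable=too-many-arguments,too-many-positional-arguments
        algorithm: str = "RSA",
        serial_no: str = "",
        auth_code: str = "",
        private_key: str = "",
        public_key: str = "",
        pwd: str = "",
    ) -> Dict[str, Any]:
        """
        Download the certificate identified by the key algorithm, the CFCA certificate
        serial number, the authorization code, the asymmetric key pair (public and
        private key) and the password, and save it to a local path.
    
        Args:
            algorithm: key algorithm, either "RSA" or "SM2"; defaults to "RSA"
            serial_no: CFCA certificate serial number
            auth_code: CFCA certificate authorization code
            private_key: Base64-encoded private key string
            public_key: Base64-encoded public key string
            pwd: password, 12 to 16 characters long
    
        Returns:
            A Dict containing:
            - message: response message
            - pfxCert: path of the private-key certificate (.pfx)
            - pubCert: path of the public-key certificate (.cer)
        """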
        return download_cert(
            algorithm=algorithm,
            serial_no=serial_no,
            auth_code=auth_code,
            private_key=private_key,
            public_key=public_key,
            pwd=pwd,
        )
  • Core helper function implementing the certificate download logic: input validation, key pair verification, P10 certificate request generation, download from CFCA API, certificate verification, and file saving.
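    import os
    from typing import Any, Dict, Optional

    # CertUtils, KeyType, Config and SupportUtil are project helpers (imports not shown).
    def download_cert(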
        algorithm: str = "RSA",
        serial_no: str = "",
        auth_code: str = "",
        private_key: str = "",
        public_key: str = "",
        pwd: str = "",
    ) -> Dict[str, Any]:
        # Determine the key type
        key_type = KeyType.SM2 if algorithm.upper() == "SM2" else KeyType.RSA2048
    
        # Validate the input parameters
        check_result = CertUtils.check_input(
            serial_no, auth_code, key_type, private_key, public_key, pwd
        )
        if not check_result.result:
            return {"message": check_result.msg}
    
        # Check that the public and private keys match
        p10_generated = False  # Marks whether a P10 request has already been generated
        try:
            if not p10_generated and not CertUtils.check_key(
                private_key, public_key, key_type
            ):
                return {"message": "商户公私钥不匹配,请重新输入"}
        except Exception as e:
            return {"message": f"密钥解析异常: {str(e)}"}
    
        # Generate the certificate request
        if p10_generated:
            cert_req = private_key
        else:
            try:
                cert_req = CertUtils.gen_p10(private_key, public_key, key_type)
            except Exception as e:
                return {"message": f"生成证书请求失败: {str(e)}"}
    
        # Determine where the certificates are saved
        cert_path = (
            Config.SM2_CERT_SAVE_PATH
            if key_type == KeyType.SM2
            else Config.RSA_CERT_SAVE_PATH
        )
        pri_cert_path = os.path.join(cert_path, f"{serial_no}.pfx")
        pub_cert_path = os.path.join(cert_path, f"{serial_no}.cer")
    
        # Check whether the certificates already exist
        if SupportUtil.is_file_exists(pri_cert_path) and SupportUtil.is_file_exists(
            pub_cert_path
        ):
            return {
                "message": "本地证书已存在",
                "pfxCert": pri_cert_path,
                "pubCert": pub_cert_path,
            }
    
        try:
            # Obtain the certificate
            cert: Optional[str] = None
            if SupportUtil.is_file_exists(pub_cert_path):
                cert = SupportUtil.read_file_as_string(pub_cert_path)
            else:
                cert_download_result = CertUtils.download_cert_from_cfca(
                    serial_no, auth_code, cert_req
                )
                if cert_download_result.error_msg:
                    return {"message": cert_download_result.error_msg}
                cert = cert_download_result.cert
    
            # Check that the certificate matches the private key
            if cert and not CertUtils.check_cert(private_key, cert, key_type):
                return {"message": "证书已下载过,且证书与输入的私钥不匹配,请核对"}
    
            # Save the certificates
            if cert:
                pub_cert_path = CertUtils.make_pub_cert(cert, serial_no, cert_path)
            if not p10_generated and cert:
                pri_cert_path = CertUtils.make_pfx_cert(
                    private_key, cert, key_type, pwd, serial_no, cert_path
                )
    
            return {
                "message": "CFCA证书激活并下载成功",
                "pfxCert": pri_cert_path,
                "pubCert": pub_cert_path,
            }
        except Exception as e:
            return {"message": f"系统异常,请稍后重试: {str(e)}"}
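The helper above joins `serial_no` directly into the save path, and the page does not show what `CertUtils.check_input` enforces or which permissions the written .pfx receives. The following is an added example, not code from yop-mcp, of validating the serial number before building the path and creating the private file exclusively with mode 0600; `safe_cert_path`, `write_private_file`, the alphanumeric serial pattern and all sample values are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumption: serial numbers are short ASCII alphanumeric strings.
_SERIAL_RE = re.compile(r"[0-9A-Za-z]{1,64}")


def safe_cert_path(base_dir: str, serial_no: str, suffix: str) -> str:
    """Build <base_dir>/<serial_no><suffix>; refuse anything escaping base_dir."""
    if suffix not in (".pfx", ".cer"):
        raise ValueError("unexpected certificate suffix")
    if not _SERIAL_RE.fullmatch(serial_no):
        raise ValueError("serial_no must be 1-64 ASCII letters or digits")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, serial_no + suffix))
    # Defence in depth: also catches a pre-planted symlink at the target name.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("resolved path escapes the certificate directory")
    return candidate


def write_private_file(path: str, data: bytes) -> None:
    """Create the file exclusively with mode 0600; never overwrite."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


def demo() -> dict:
    """Exercise both helpers on constructed inputs in a throwaway directory."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        good = safe_cert_path(base, "4A3F00C1", ".pfx")  # constructed serial
        write_private_file(good, b"constructed placeholder, not a real PFX")
        results["mode"] = oct(os.stat(good).st_mode & 0o777)
        for bad in ("../outside", "a/b", "name.pfx", ""):
            try:
                safe_cert_path(base, bad, ".pfx")
                results[bad] = "accepted"
            except ValueError:
                results[bad] = "rejected"
        try:
            write_private_file(good, b"second write")
            results["overwrite"] = "accepted"
        except FileExistsError:
            results["overwrite"] = "rejected"
    return results
```
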
Behavior: 2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It mentions that the tool downloads and saves certificates locally, implying a write operation, but doesn't specify permissions required, rate limits, error handling, or whether the download is idempotent. For a tool that handles sensitive data like keys and passwords, this is a significant gap in transparency.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is appropriately sized and front-loaded: it starts with a clear purpose statement, followed by a bullet-point list of arguments and returns. The structure is efficient, with each sentence adding value. The Chinese text might require translation for broader accessibility, but that doesn't detract from conciseness.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity (6 parameters, no annotations, but an output schema exists), the description is moderately complete. It covers parameter semantics well and includes return values in the output schema, so it doesn't need to explain returns. However, it lacks behavioral context and usage guidelines, which are crucial for a tool involving cryptographic operations and local file saving.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The description adds substantial meaning beyond the input schema, which has 0% coverage. It explains each parameter's purpose: algorithm options ('RSA' or 'SM2'), serial_no as CFCA certificate serial number, auth_code as authorization code, private_key and public_key as Base64-encoded strings, and pwd as a 12-16 character password. This compensates well for the lack of schema descriptions, though it doesn't detail format constraints beyond password length.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: '下载该证书,并保存到本地路径' (download the certificate and save it to a local path). It specifies the resource (certificate) and action (download and save), and mentions the required inputs like algorithm, serial number, and keys. However, it doesn't explicitly differentiate from sibling tools like 'yeepay_yop_parse_certificates', which might handle certificate parsing rather than downloading.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It lists the required inputs but doesn't mention prerequisites, such as needing a CFCA certificate or when this download is necessary compared to other certificate-related tools in the sibling list. This lack of context makes it unclear when this tool is the appropriate choice.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/yop-platform/yop-mcp'