yop-mcp

yeepay_yop_parse_certificates

Extract Base64-encoded public or private keys from certificate files for YeePay YOP platform integration. Supports RSA and SM2 algorithms with .pfx and .cer formats.

Instructions

根据证书文件解析出Base64编码后的公钥或私钥字符串

Args: algorithm (str): 密钥算法，可选值为 "RSA" 或 "SM2"，默认为 "RSA" pfx_cert (str): 私钥证书（.pfx）文件路径 pub_cert (str): 公钥证书（.cer）文件路径 pwd (str, optional): PFX证书的密码，默认为None

Returns: dict: 包含解析结果的字典，格式如下: { 'message': 响应信息, 'privateKey': Base64编码后的私钥字符串, 'publicKey': Base64编码后的公钥字符串 }

Input Schema

TableJSON Schema

Name	Required	Default
`algorithm`	No	RSA
`pfx_cert`	No
`pub_cert`	No
`pwd`	No

Output Schema

TableJSON Schema

Name	Required	Description	Default
`result`	Yes

Implementation Reference

yop_mcp/main.py:251-278 (handler)

The handler and registration for the MCP tool 'yeepay_yop_parse_certificates'. This function is decorated with @mcp.tool(), defining the tool schema via type hints and docstring, and delegates execution to the parse_certificates helper.

@mcp.tool()
def yeepay_yop_parse_certificates(
    algorithm: str = "RSA",
    pfx_cert: Optional[str] = None,
    pub_cert: Optional[str] = None,
    pwd: Optional[str] = None,
) -> Dict[str, Any]:
    """
    根据证书文件解析出Base64编码后的公钥或私钥字符串

    Args:
        algorithm (str): 密钥算法，可选值为 "RSA" 或 "SM2"，默认为 "RSA"
        pfx_cert (str): 私钥证书（.pfx）文件路径
        pub_cert (str): 公钥证书（.cer）文件路径
        pwd (str, optional): PFX证书的密码，默认为None

    Returns:
        dict: 包含解析结果的字典，格式如下:
            {
                'message': 响应信息,
                'privateKey': Base64编码后的私钥字符串,
                'publicKey': Base64编码后的公钥字符串
            }
    """
    return parse_certificates(
        algorithm=algorithm, pfx_cert=pfx_cert, pub_cert=pub_cert, pwd=pwd
    )

tools/cert_key_parser.py:17-90 (helper)

The primary helper function implementing the certificate parsing logic. Handles validation, file existence checks, algorithm matching (RSA/SM2), and delegates to parse_key_from_certificate for key extraction using the cryptography library.

def parse_certificates(
    algorithm: str = "RSA",
    pfx_cert: Optional[str] = None,
    pub_cert: Optional[str] = None,
    pwd: Optional[str] = None,
) -> Dict[str, Any]:
    result = {"message": "解析成功", "privateKey": None, "publicKey": None}

    # 验证算法类型
    if algorithm not in ["RSA", "SM2"]:
        result["message"] = f"不支持的算法类型: {algorithm}，仅支持 RSA 和 SM2"
        return result

    # 如果两个证书文件都没有提供
    if not pfx_cert and not pub_cert:
        result["message"] = "请至少提供一个证书文件（pfx_cert 或 pub_cert）"
        return result

    try:
        # 处理私钥证书
        if pfx_cert and os.path.exists(pfx_cert):
            pfx_result = parse_key_from_certificate(pfx_cert, pwd)
            if pfx_result["private_key"]:
                result["privateKey"] = pfx_result["private_key"]
            if pfx_result["public_key"] and not result.get("publicKey"):
                result["publicKey"] = pfx_result["public_key"]

            # 检查算法类型是否匹配
            if pfx_result["key_type"] != algorithm:
                result["message"] = (
                    f"警告：PFX证书中检测到的算法类型({pfx_result['key_type']})与指定的算法类型({algorithm})不匹配"
                )
        elif pfx_cert:
            result["message"] = f"私钥证书文件不存在: {pfx_cert}"
            return result

        # 处理公钥证书
        if pub_cert and os.path.exists(pub_cert):
            pub_result = parse_key_from_certificate(pub_cert)
            if pub_result["public_key"]:
                result["publicKey"] = pub_result["public_key"]

            # 检查算法类型是否匹配
            if pub_result["key_type"] != algorithm:
                current_message = result["message"]
                if current_message and "warning" in current_message:
                    result["message"] = (
                        current_message
                        + f"，CER证书中检测到的算法类型({pub_result['key_type']})与指定的算法类型({algorithm})不匹配"
                    )
                else:
                    result["message"] = (
                        f"警告：CER证书中检测到的算法类型({pub_result['key_type']})与指定的算法类型({algorithm})不匹配"
                    )
        elif pub_cert:
            current_message = result["message"]
            if (current_message and "warning" in current_message) or (
                pfx_cert and os.path.exists(pfx_cert)
            ):
                result["message"] = (
                    current_message or ""
                ) + f"，公钥证书文件不存在: {pub_cert}"
            else:
                result["message"] = f"公钥证书文件不存在: {pub_cert}"
                return result

        # 检查是否至少解析出了一个密钥
        if not result["privateKey"] and not result["publicKey"]:
            result["message"] = "未能从证书中解析出任何密钥"

        return result
    except (ValueError, OSError, IOError) as e:
        result["message"] = f"解析证书失败: {str(e)}"
        return result

Tool Definition Quality

A3.6/5.0

Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden. It discloses the tool's core behavior (parsing certificates to extract keys) and output format, but lacks details on error handling, file path requirements, security implications (e.g., handling sensitive passwords), or performance traits. It adds basic context but misses important behavioral aspects for a tool handling cryptographic materials.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is appropriately sized and front-loaded: the first sentence states the purpose, followed by structured Args and Returns sections. Every sentence earns its place, though the Chinese-language format might be slightly less accessible in some contexts. It's efficient with minimal waste.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's moderate complexity (cryptographic parsing), no annotations, 0% schema coverage, but with an output schema provided, the description is reasonably complete. It covers purpose, all parameters, and return format. However, it lacks error cases, security notes, or file format details, leaving some gaps for a tool dealing with certificates and passwords.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters5/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 0%, so the description must compensate fully. It provides detailed semantics for all 4 parameters: algorithm (options 'RSA' or 'SM2', default 'RSA'), pfx_cert (private key certificate file path), pub_cert (public certificate file path), and pwd (optional PFX certificate password, default None). This adds crucial meaning beyond the bare schema, fully documenting parameter purposes and constraints.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: '根据证书文件解析出Base64编码后的公钥或私钥字符串' (Parse Base64-encoded public or private key strings from certificate files). This is a specific verb+resource combination. However, it doesn't explicitly distinguish this tool from siblings like 'yeepay_yop_gen_key_pair' (which generates keys) or 'yeepay_yop_download_cert' (which downloads certificates), though the parsing focus is implied.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention prerequisites (e.g., needing certificate files), exclusions, or comparisons to sibling tools like 'yeepay_yop_gen_key_pair' for key generation or 'yeepay_yop_download_cert' for obtaining certificates. The usage context is implied but not explicit.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/yop-platform/yop-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server