server: Add validation checks for SSL certificate and key files

Add input validation to verify that SSL certificate and key files exist
and are regular files before attempting to create the SSL context.
This provides clearer error messages to users when certificate files
are missing or invalid, following the same validation pattern used for
config files.

Author: swan-amazon

integrations/mock_server/src/main.py

@@ -80,4 +80,4 @@
     parser.add_argument("--key", type=str, default="server.key", help="SSL Private Key file")
 
     args = parser.parse_args()
-    run_server(args.port, Path(args.config), Path(args.routing_config_dir), args.cert, args.key)
+    run_server(args.port, Path(args.config), Path(args.routing_config_dir), Path(args.cert), Path(args.key))

integrations/mock_server/src/server.py

@@ -14,6 +14,7 @@
 
 import http.server
 import logging
+import socketserver
 import ssl
 from pathlib import Path
 
@@ -65,17 +66,27 @@ def run_server(port: int, config_path: Path, routing_config_dir: Path, cert_path
 
     logging.basicConfig(level=logging.DEBUG, format="[%(levelname)s] %(message)s")
 
-    config: Configuration = load_configurations(config_path, routing_config_dir)
+    if not config_path.is_file():
+        raise ValueError(f"'{config_path}' is not a file")
 
-    logging.info("Server starting on port %s", port)
-    server_address = ("", port)
+    if not routing_config_dir.is_dir():
+        raise ValueError(f"'{routing_config_dir}' is not a directory")
 
-    theMockServerHandler = createMockServerHandler(config)
+    if not cert_path.is_file():
+        raise ValueError(f"'{cert_path}' is not a file")
 
-    httpd = http.server.ThreadingHTTPServer(server_address, theMockServerHandler)
-    context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+    if not key_path.is_file():
+        raise ValueError(f"'{key_path}' is not a file")
+
+    config: Configuration = load_configurations(config_path, routing_config_dir)
+    server_address: socketserver._AfInetAddress = ("", port)
+    context: ssl.SSLContext = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
     context.load_cert_chain(certfile=cert_path, keyfile=key_path)
 
+    theMockServerHandler = createMockServerHandler(config)
+    httpd = http.server.ThreadingHTTPServer(server_address, theMockServerHandler)
+
+    logging.info("Server starting on port %s", port)
     with context.wrap_socket(httpd.socket, server_side=True) as httpd.socket:
         logging.info("Server started on port %s", port)
         logging.info("HTTPS enabled with cert: %s and key: %s", cert_path, key_path)