TLSServerCredential.import_signed() fails if certificate string is long

[cs-1]

TLSServerCredential.import_signed() will fail if certificate or key given is long. It will try to use the certificate string as a filename and this will fail with an error that the filename is too long.

Proposed improvement:

• Use x509.load_pem_x509_certificate(...) to check if the string given is actually a valid certificate. If yes, don't try to use the string as a filename.
• Use serialization.load_pem_private_key(...) to do the same for the private key.

Currently there's no way to import TLS credentials via TLSServerCredential.import_signed() with long certificate strings.

[cs-1]

The error message is this:

  File "....../lib/python3.14/site-packages/smc/administration/certificates/tls_common.py", line 79, in certificate_content
    with open(certificate, "rb") as file:
         ~~~~^^^^^^^^^^^^^^^^^^^
OSError: [Errno 63] File name too long: '-----BEGIN CERTIFICATE-----......'

[cs-1]

Please note that pull request #80 is quite basic and just reverses the conditions in two "if" statements. The proposed change in #79 (comment) is actually better because it doesn't allow broken certificates and keys to be uploaded to SMC in the first place. However, making this change is out of scope for me.

[lilianValeroFp]

Hi, thks for your fix. We will integrate it in our next release plan for the next quarter.

[cs-1]

@lilianValeroFp can I convince you to release a fix earlier? Right now it's impossible to upload certificates of even moderate lengths as strings. If using fp-NGFW-SMC-python in middlewares you don't want to use TLS credentials in files for security reasons but just directly use the strings in RAM.

[lilianValeroFp]

The next week, we will be in Q2 :) I hope it will be enough for you

[cs-1]

The next week, we will be in Q2 :) I hope it will be enough for you

That sounds good. "integrating it on the release plan" didn't ad hoc sound like "next week" to me. But next week definitely is fine, thanks! :)