https workaround for bitdefender mitm ssl proxy

2026-04-23 16:18:07 -04:00
parent 614b4fe5f7
commit 721bb0a6d4
3 changed files with 65 additions and 5 deletions
--- a/zefie_wtvp_minisrv/includes/classes/WTVSSL.js
+++ b/zefie_wtvp_minisrv/includes/classes/WTVSSL.js
@@ -13,6 +13,51 @@ class WTVSSL {
        }
        return this.wtvshared.fs.readFileSync(caCertFile);
    }
+
+    derToPem(derBuffer) {
+        const base64 = derBuffer.toString("base64");
+        const pem = [
+            "-----BEGIN CERTIFICATE-----",
+            base64.match(/.{1,64}/g).join("\n"),
+            "-----END CERTIFICATE-----"
+        ].join("\n");
+
+        return pem;
+    }
+
+    wrapBase664ToPem(text) {;
+        const pem = [
+            "-----BEGIN CERTIFICATE-----",
+            text,
+            "-----END CERTIFICATE-----"
+        ].join("\n");
+        return pem;
+    }
+
+   normalizeCert(cert) {
+        if (Buffer.isBuffer(cert)) {
+            // assume DER
+            return this.derToPem(cert);
+        }
+        const text = cert.toString().trim();
+        if (text.includes("BEGIN CERTIFICATE")) {
+            return text; // already PEM
+        } 
+        // assume Base64 DER
+        return this.wrapBase664ToPem(text);
+    }
+    
+    getBitdefenderCACert() {
+        // return the Bitdefender CA cert
+        if (process.platform !== 'win32') {
+            return false;
+        }
+        const caCertFile = "C:\\Program Files\\Bitdefender\\Bitdefender Security\\mitm_cache\\fake-ca.crt"
+        if (!this.wtvshared.fs.existsSync(caCertFile)) {
+            return false;
+        }
+        return this.normalizeCert(this.wtvshared.fs.readFileSync(caCertFile));
+    }
 }

 module.exports = WTVSSL;