From 6f3edc4b9250278e8796b05b0eadb756eb89e50a Mon Sep 17 00:00:00 2001
From: 0mgfriday <100394531+0mgfriday@users.noreply.github.com>
Date: Wed, 28 Jun 2023 08:52:52 -0400
Subject: [PATCH] JWT Decode Script (#354)

Create JwtDecode.js

Signed-off-by: 0mgfriday <100394531+0mgfriday@users.noreply.github.com>
---
 CHANGELOG.md | 1 +
 encode-decode/JwtDecode.js | 41 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100644 encode-decode/JwtDecode.js

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7af9a933..8d741ae9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## [Unreleased]
 ### Added
 - targeted/SQLMapCommandGenerator.js - it will generate and copy sqlmap command based on the request
+- encode-decode/JwtDecode.js - Decodes JWTs
 ### Changed
 - Update minimum ZAP version to 2.12.0:
diff --git a/encode-decode/JwtDecode.js b/encode-decode/JwtDecode.js
new file mode 100644
index 00000000..7598d70b
--- /dev/null
+++ b/encode-decode/JwtDecode.js
@@ -0,0 +1,41 @@
+// JWT Decode by 0mgfriday
+var Base64 = Java.type("java.util.Base64")
+var String = Java.type("java.lang.String")
+var StandardCharsets = Java.type("java.nio.charset.StandardCharsets");
+
+/**
+ * Decode JWT into a text representation
+ *
+ * @param {EncodeDecodeScriptHelper} helper - A helper object with various utility methods.
+ * For more details see https://github.com/zaproxy/zap-extensions/tree/main/addOns/encoder/src/main/java/org/zaproxy/addon/encoder/processors/script/EncodeDecodeScriptHelper.java
+ * @param {String} value - JWT to decode
+ * @returns {EncodeDecodeResult} - Decoded JWT (JSON)
+ */
+function process(helper, value){
+ var parts = value.split('.')
+
+ if (parts.length == 2 || parts.length == 3) {
+ try {
+ var result = formatJson(b64decode(parts[0])) + '\n' + formatJson(b64decode(parts[1]))
+
+ if (parts.length == 3 && parts[2] != '') {
+ result += '\n{SIGNATURE}'
+ }
+
+ return helper.newResult(result);
+ } catch (err) {
+ return helper.newError("Invalid JWT: Unable to decode");
+ }
+ }
+
+ return helper.newError("Invalid JWT");
+}
+
+function b64decode(s) {
+ var bytes = Base64.getUrlDecoder().decode(s)
+ return new String(bytes, StandardCharsets.UTF_8)
+}
+
+function formatJson(json) {
+ return JSON.stringify(JSON.parse(json),null,2)
+}
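Review bot: `formatJson` makes a successful decode depend on `JSON.parse`, so a token whose payload is not JSON (a nested JWT carrying another compact token, or any non-JSON JWS content) is reported as "Invalid JWT: Unable to decode" even though both segments decoded correctly; falling back to the raw text keeps the output useful, e.g. the function body becomes `try { return JSON.stringify(JSON.parse(json), null, 2) } catch (e) { return json }`. Because the `{SIGNATURE}` placeholder is the only trace of the third segment, the JSDoc on `process` should state that the script decodes the header and payload only and never checks the signature, so that claims shown in the panel are not mistaken for authenticated ones: `* Note: decodes only; the signature is neither verified nor displayed.` A pasted token often carries leading or trailing whitespace, which makes the URL-safe decoder throw on the first segment; `var parts = value.trim().split('.')` avoids that. Semicolon use is also inconsistent across the new file (present on some statements, absent on others) — pick one convention.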