/*
 * keytoosmall.c: replace Netscape key-toosmall function with our own
 *
 * This is designed to let a user add a link to an FAQ on the Insufficient
 * encryption message so they can try to resolve the problem themself.
 *
 * Rob Crittenden
 *
 * How to install this program:
 *
 *    Add the following lines to your obj.conf:
 *
 *    Init fn=load-modules shlib=<path to keytoosmall.so> funcs=keytoosmall_init
 *    Init fn=keytoosmall_init
 *
 */

#include "nsapi.h"

#define ERROR_HEADER "Insufficient encryption"
#define FAQ_URL "http://bully.mcom.com/faq.html"

#define BUFFER_SIZE 1024

static FuncPtr keytoosmallptr;

static int keytoosmall(pblock *pb, Session *sn, Request *rq);

/*
 * keytoosmall_init()
 * 
 * Initialization function.
 *
 * This is where we replace the standard key-toosmall with our own.
 *
 */
NSAPI_PUBLIC int keytoosmall_init(pblock *pb, Session *sn, Request *rq)
{
    /* Replace Netscape's key-toosmall handler */
    keytoosmallptr = func_replace("key-toosmall", keytoosmall);

    if (!keytoosmallptr) {
        ereport(LOG_FAILURE, "keytoosmall: failed to replace key-toosmall handler");
        return REQ_ABORTED;
    }

    return REQ_PROCEED;
}


/* 
 * keytoosmall()
 *
 * Print out basically the same message as the standard Netscape server
 * but add a FAQ link.
 *
 */
static int keytoosmall(pblock *pb, Session *sn, Request *rq)
{
    char buf[BUFFER_SIZE];
    int length;

    /* get rid of any existing content-type */
    param_free(pblock_remove("content-type", rq->srvhdrs));

    /* set content to html */
    pblock_nvinsert("content-type", "text/html", rq->srvhdrs);

    protocol_status(sn, rq, PROTOCOL_FORBIDDEN, NULL);

    /* get ready to send page */
    protocol_start_response(sn, rq);

    /* fill the buffer with our message */
    length = util_snprintf(buf, BUFFER_SIZE, "<title>%s</title><h1>%s</h1>\n", ERROR_HEADER, ERROR_HEADER);
    length += util_snprintf(&buf[length], BUFFER_SIZE - length, "This document requires a larger secret key size for encryption than your browser is capable of supporting.\n");
    length += util_snprintf(&buf[length], BUFFER_SIZE - length, "<p>For more information on this error see our FAQ at <a href=\"%s\">%s</a>\n", FAQ_URL, FAQ_URL);

    /* write the message to the client */
    if (net_write(sn->csd, buf, length) == IO_ERROR)
    {
        return REQ_EXIT;
    }
    return REQ_PROCEED;
}