in geronimo-mail_2.1_impl/geronimo-mail_2.1_provider/src/main/java/org/apache/geronimo/mail/store/imap/connection/IMAPConnection.java [108:188]
/**
 * Opens the connection to the IMAP server, optionally upgrades it with STARTTLS,
 * and authenticates unless the server reported the session as pre-authenticated.
 *
 * <p>Security notes for callers and reviewers:
 * <ul>
 *   <li>STARTTLS is opportunistic when only {@code MAIL_STARTTLS_ENABLE} is set. If the
 *       server's capability list does not contain STARTTLS, the method logs a debug
 *       message and carries on over the existing connection. That capability list is
 *       read before any TLS protection exists, so it cannot be trusted to be unmodified.
 *       Set {@code MAIL_STARTTLS_REQUIRED} to fail closed instead.</li>
 *   <li>A PREAUTH response seen before the TLS upgrade is never cleared afterwards, so
 *       a PREAUTH received in plaintext still causes {@code login()} to be skipped.
 *       NOTE(review): confirm this is intended.</li>
 * </ul>
 *
 * @param host     server host name, stored in {@code serverHost}
 * @param port     server port, stored in {@code serverPort}
 * @param authid   authorization id, stored for the later login
 * @param realm    realm, stored for the later login
 * @param username user name, stored for the later login
 * @param password password, stored for the later login
 * @return {@code true} if a PREAUTH response was seen, otherwise the result of {@code login()}
 * @throws MessagingException if STARTTLS is required but not advertised by the server,
 *         or if an I/O error occurs while establishing the connection
 */
public boolean protocolConnect(String host, int port, String authid, String realm, String username, String password) throws MessagingException {
    // Remember the connection parameters; they are held in instance fields.
    this.serverHost = host;
    this.serverPort = port;
    this.realm = realm;
    this.authid = authid;
    this.username = username;
    this.password = password;

    try {
        // Open the socket, then fetch the capability list (allowed before login).
        getConnection();
        getCapability();

        // A PREAUTH response means the server already considers us authenticated.
        boolean alreadyAuthenticated = (extractResponse("PREAUTH") != null);

        // Drain anything else that arrived before going further.
        processPendingResponses();

        boolean tlsMandatory = props.getBooleanProperty(MAIL_STARTTLS_REQUIRED, false);
        boolean tlsAllowed = props.getBooleanProperty(MAIL_STARTTLS_ENABLE, false);
        boolean starttlsAdvertised = hasCapability(CAPABILITY_STARTTLS);

        // Only attempt an upgrade when the connection is not SSL already and the
        // configuration either permits or demands STARTTLS.
        boolean upgradeWanted = !sslConnection && (tlsMandatory || tlsAllowed);

        if (upgradeWanted) {
            if (starttlsAdvertised) {
                // Announce the TLS handshake to the server ...
                sendSimpleCommand("STARTTLS");
                // ... and let the superclass swap in the TLS socket.
                getConnectedTLSSocket();
                // Responses must now be read from the new (encrypted) input stream.
                reader = new IMAPResponseStream(inputStream);
                // Re-read the capabilities over the secured channel rather than
                // relying on what was received in plaintext.
                getCapability();
                // Repeat the PREAUTH check. The earlier result is kept as well:
                // this can only switch the flag on, never off.
                alreadyAuthenticated |= (extractResponse("PREAUTH") != null);
            } else if (tlsMandatory) {
                // Fail closed: configuration demands TLS, the server does not offer it.
                throw new MessagingException("Server doesn't support required transport level security");
            } else {
                // Opportunistic mode: continue WITHOUT transport security.
                // login() below then runs on the unencrypted connection.
                if (debug) {
                    debugOut("STARTTLS is enabled but not required and server does not support it. So we establish a connection without transport level security");
                }
            }
        }

        // Skip the login exchange when the server pre-authenticated the session.
        return alreadyAuthenticated || login();
    } catch (IOException e) {
        if (debug) {
            debugOut("I/O exception establishing connection", e);
        }
        throw new MessagingException("Connection error", e);
    } finally {
        // Whatever the outcome, leave no queued responses behind.
        processPendingResponses();
    }
}