String getToken(
    final Sspi.CtxtHandle continueCtx,
    final Sspi.SecBufferDesc continueToken,
    final String targetName) {
    final IntByReference attr = new IntByReference();
    final ManagedSecBufferDesc token = new ManagedSecBufferDesc(
        Sspi.SECBUFFER_TOKEN, Sspi.MAX_TOKEN_SIZE);

    sspiContext = new Sspi.CtxtHandle();
    final int rc = Secur32.INSTANCE.InitializeSecurityContext(clientCred,
        continueCtx, targetName, Sspi.ISC_REQ_DELEGATE | Sspi.ISC_REQ_MUTUAL_AUTH, 0,
        Sspi.SECURITY_NATIVE_DREP, continueToken, 0, sspiContext, token,
        attr, null);
    switch(rc) {
        case WinError.SEC_I_CONTINUE_NEEDED:
            continueNeeded = true;
            break;
        case WinError.SEC_E_OK:
            dispose(); // Don't keep the context
            continueNeeded = false;
            break;
        default:
            dispose();
            throw new Win32Exception(rc);
    }
    return Base64.encodeBase64String(token.getBuffer(0).getBytes());
}
 

/**
 * Process native windows GSS plugin authentication.
 *
 * @param out out stream
 * @param in in stream
 * @param sequence packet sequence
 * @param servicePrincipalName principal name
 * @param mechanisms gssapi mechanism
 * @throws IOException if socket error
 */
public void authenticate(
    final PacketOutputStream out,
    final PacketInputStream in,
    final AtomicInteger sequence,
    final String servicePrincipalName,
    final String mechanisms)
    throws IOException {

  // initialize a security context on the client
  IWindowsSecurityContext clientContext =
      WindowsSecurityContextImpl.getCurrent(mechanisms, servicePrincipalName);

  do {

    // Step 1: send token to server
    byte[] tokenForTheServerOnTheClient = clientContext.getToken();
    out.startPacket(sequence.incrementAndGet());
    out.write(tokenForTheServerOnTheClient);
    out.flush();

    // Step 2: read server response token
    if (clientContext.isContinue()) {
      Buffer buffer = in.getPacket(true);
      sequence.set(in.getLastPacketSeq());
      byte[] tokenForTheClientOnTheServer = buffer.readRawBytes(buffer.remaining());
      Sspi.SecBufferDesc continueToken =
          new SspiUtil.ManagedSecBufferDesc(Sspi.SECBUFFER_TOKEN, tokenForTheClientOnTheServer);
      clientContext.initialize(clientContext.getHandle(), continueToken, servicePrincipalName);
    }

  } while (clientContext.isContinue());

  clientContext.dispose();
}