} catch (e: NoSuchElementException) {
      throw IllegalArgumentException("failed to decode certificate", e)
    } catch (e: IllegalArgumentException) {
      throw IllegalArgumentException("failed to decode certificate", e)
    } catch (e: GeneralSecurityException) {
      throw IllegalArgumentException("failed to decode certificate", e)
    }
  }
}

internal data class TbsCertificate(

    }
  }
}

object LoggingCallback : FutureCallback<SimpleHttpResponse> {
  override fun completed(response: SimpleHttpResponse) {
  }

  override fun failed(ex: Exception) {
    println("Failed: $ex")
  }

  override fun cancelled() {
    println("Cancelled")
  }

import okhttp3.tls.HandshakeCertificates
import okhttp3.tls.HeldCertificate
import org.junit.jupiter.api.Assertions.assertEquals
import org.junit.jupiter.api.BeforeEach
import org.junit.jupiter.api.Disabled
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.RegisterExtension
import org.openjsse.sun.security.ssl.SSLSocketFactoryImpl
import org.openjsse.sun.security.ssl.SSLSocketImpl

    }
    val multimap = mapOf("Set-Cookie" to cookieStrings)
    try {
      cookieHandler.put(url.toUri(), multimap)
    } catch (e: IOException) {
      Platform.get().log("Saving cookies failed for " + url.resolve("/...")!!, WARN, e)
    }
  }

  override fun loadForRequest(url: HttpUrl): List<Cookie> {
    val cookieHeaders =
      try {

 * and the implementation should respond with a new request that sets the "Authorization" header.
 *
 * ```java
 * if (response.request().header("Authorization") != null) {
 *   return null; // Give up, we've already failed to authenticate.
 * }
 *
 * String credential = Credentials.basic(...)
 * return response.request().newBuilder()
 *     .header("Authorization", credential)
 *     .build();
 * ```
 *

import okhttp3.internal.http2.ErrorCode
import okhttp3.testing.PlatformRule
import okio.BufferedSink
import okio.IOException
import org.junit.jupiter.api.BeforeEach
import org.junit.jupiter.api.Disabled
import org.junit.jupiter.api.Tag
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.Timeout
import org.junit.jupiter.api.assertThrows
import org.junit.jupiter.api.extension.RegisterExtension

@Timeout(30)

 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package okhttp3.internal.idn

import kotlin.math.abs
import okio.ByteString

internal sealed interface MappedRange {
  val rangeStart: Int

  data class Constant(
    override val rangeStart: Int,
    val type: Int,
  ) : MappedRange {
    val b1: Int
      get() =
        when (type) {

  }

  /**
   * Converts a single label from Punycode to Unicode.
   *
   * @return true if the range of [string] from [pos] to [limit] was valid and decoded successfully.
   *     Otherwise, the decode failed.
   */
  private fun decodeLabel(
    string: String,
    pos: Int,
    limit: Int,
    result: Buffer,
  ): Boolean {
    if (!string.regionMatches(pos, PREFIX_STRING, 0, 4, ignoreCase = true)) {

/**
 * Used when we were unsuccessful in the planning phase of a connection:
 *
 *  * A DNS lookup failed
 *  * The configuration is incapable of carrying the request, such as when the client is configured
 *    to use `H2_PRIOR_KNOWLEDGE` but the URL's scheme is `https:`.
 *  * Preemptive proxy authentication failed.
 *
 * Planning failures are not necessarily fatal. For example, even if we can't DNS lookup the first

    authType: String,
    host: String,
  ): List<Certificate> {
    if (host in insecureHosts) return listOf()
    try {
      val method =
        checkServerTrustedMethod
          ?: throw CertificateException("Failed to call checkServerTrusted")
      return method.invoke(delegate, chain, authType, host) as List<Certificate>
    } catch (e: InvocationTargetException) {
      throw e.targetException
    }
  }