assertThat(source.read(sourceBuffer, 1024)).isEqualTo(-1)
    assertThat(sourceBuffer.size).isEqualTo(0)
    source.close()
    assertThat(relay.isClosed).isTrue()
    assertFile(Relay.PREFIX_CLEAN, 13L, metadata.size, "abcdefghijklm", metadata)
  }

  @Test
  fun multipleSources() {
    val upstream = Buffer()
    upstream.writeUtf8("abcdefghijklm")
    val relay = edit(file, upstream, metadata, 1024)

        trusted.certificate,
      )
    assertThat(cleaner.clean(list(certB, certA), "hostname")).isEqualTo(
      list(certB, certA, trusted, selfSigned),
    )
    assertThat(cleaner.clean(list(certB, certA, trusted), "hostname")).isEqualTo(
      list(certB, certA, trusted, selfSigned),
    )
    assertThat(cleaner.clean(list(certB, certA, trusted, selfSigned), "hostname"))
      .isEqualTo(

 * cannot do TLS over domain sockets.
 */
public class ClientAndServer {
  public void run() throws Exception {
    File socketFile = new File("/tmp/ClientAndServer.sock");
    socketFile.delete(); // Clean up from previous runs.

    MockWebServer server = new MockWebServer();
    server.setServerSocketFactory(new UnixDomainServerSocketFactory(socketFile));

        Array<X509Certificate>::class.java,
        String::class.java,
        String::class.java,
      )
    } catch (_: NoSuchMethodException) {
      null
    }

  /** Android method to clean and sort certificates, called via reflection. */
  @Suppress("unused", "UNCHECKED_CAST")
  fun checkServerTrusted(
    chain: Array<out X509Certificate>,
    authType: String,
    host: String,
  ): List<Certificate> {

  private val x509TrustManagerExtensions: X509TrustManagerExtensions,
) : CertificateChainCleaner() {
  @Suppress("UNCHECKED_CAST")
  @Throws(SSLPeerUnverifiedException::class)
  @SuppressSignatureCheck
  override fun clean(
    chain: List<Certificate>,
    hostname: String,
  ): List<Certificate> {
    val certificates = (chain as List<X509Certificate>).toTypedArray()
    try {

    }
  }

internal fun commonHeadersOf(vararg inputNamesAndValues: String): Headers {
  require(inputNamesAndValues.size % 2 == 0) { "Expected alternating header names and values" }

  // Make a defensive copy and clean it up.
  val namesAndValues: Array<String> = arrayOf(*inputNamesAndValues)
  for (i in namesAndValues.indices) {
    require(namesAndValues[i] != null) { "Headers cannot be null" }

import java.util.Deque
import javax.net.ssl.SSLPeerUnverifiedException

/**
 * A certificate chain cleaner that uses a set of trusted root certificates to build the trusted
 * chain. This class duplicates the clean chain building performed during the TLS handshake. We
 * prefer other mechanisms where they exist, such as with
 * [okhttp3.internal.platform.AndroidPlatform.AndroidCertificateChainCleaner].
 *

 * the TLS handshake and to extract the trusted CA certificate for the benefit of certificate
 * pinning.
 */
abstract class CertificateChainCleaner {
  @Throws(SSLPeerUnverifiedException::class)
  abstract fun clean(
    chain: List<Certificate>,
    hostname: String,
  ): List<Certificate>

  companion object {
    fun get(trustManager: X509TrustManager): CertificateChainCleaner {

1. Script the mocks.
2. Run application code.
3. Verify that the expected requests were made.

Here's a complete example:

```java
public void test() throws Exception {
  // Create a MockWebServer. These are lean enough that you can create a new
  // instance for every unit test.
  MockWebServer server = new MockWebServer();

  // Schedule some responses.
  server.enqueue(new MockResponse().setBody("hello, world!"));

 * [Thrifty](https://github.com/Microsoft/thrifty): An implementation of Apache Thrift for Android.