.Builder()
        .certificateAuthority(1)
        .build()
    val intermediate =
      HeldCertificate
        .Builder()
        .certificateAuthority(0)
        .signedBy(root)
        .build()
    val certificate =
      HeldCertificate
        .Builder()
        .signedBy(intermediate)
        .build()
    val handshakeCertificates =
      HandshakeCertificates

     *
     * The chain should include all intermediate certificates but does not need the root certificate
     * that we expect to be known by the remote peer. The peer already has that certificate so
     * transmitting it is unnecessary.
     */
    fun heldCertificate(
      heldCertificate: HeldCertificate,
      vararg intermediates: X509Certificate,
    ) = apply {

        GsaConfigException exception = new GsaConfigException("Top level GSA error", intermediateCause);

        assertNotNull(exception);
        assertEquals("Top level GSA error", exception.getMessage());

        // Check first level cause
        assertNotNull(exception.getCause());
        assertEquals("Intermediate problem", exception.getCause().getMessage());

        Exception intermediateCause = new IllegalStateException("Intermediate cause", rootCause);
        ScriptEngineException exception = new ScriptEngineException("Top level error", intermediateCause);

        assertEquals("Top level error", exception.getMessage());
        assertEquals(intermediateCause, exception.getCause());
        assertEquals("Intermediate cause", exception.getCause().getMessage());

representative of real-world HTTPS deployment. To get closer to that we can use `HeldCertificate`
to generate a trusted root certificate, an intermediate certificate, and a server certificate.
We use `certificateAuthority(int)` to create certificates that can sign other certificates. The
int specifies how many intermediate certificates are allowed beneath it in the chain.

```java
HeldCertificate rootCertificate = new HeldCertificate.Builder()

With rewrites, redirects, follow-ups and retries, your simple request may yield many requests and responses. OkHttp uses `Call` to model the task of satisfying your request through however many intermediate requests and responses are necessary. Typically this isn’t many! But it’s comforting to know that your code will continue to work if your URLs are redirected or if you failover to an alternate IP address.

### Choosing between application and network interceptors

Each interceptor chain has relative merits.

**Application interceptors**

 * Don't need to worry about intermediate responses like redirects and retries.
 * Are always invoked once, even if the HTTP response is served from the cache.
 * Observe the application's original intent. Unconcerned with OkHttp-injected headers like `If-None-Match`.

   * enough precision.
   */
  private static final long C1 = 0xcc9e2d51;
  private static final long C2 = 0x1b873593;

  /*
   * This method was rewritten in Java from an intermediate step of the Murmur hash function in
   * http://code.google.com/p/smhasher/source/browse/trunk/MurmurHash3.cpp, which contained the
   * following header:
   *

    }

    @Test
    public void testExceptionChaining() {
        IOException rootCause = new IOException("Root cause");
        RuntimeException intermediateCause = new RuntimeException("Intermediate", rootCause);
        CurlException exception = new CurlException("Final message", intermediateCause);

        assertEquals("Final message", exception.getMessage());

  }

  /**
   * Returns true if [toVerify] was signed by [signingCert]'s public key.
   *
   * @param minIntermediates the minimum number of intermediate certificates in [signingCert]. This
   *     is -1 if signing cert is a lone self-signed certificate.
   */
  private fun verifySignature(
    toVerify: X509Certificate,
    signingCert: X509Certificate,