* ⬜️ [Moshi](https://github.com/square/moshi): A modern JSON library for Android and Java.
 * [Ok2Curl](https://github.com/mrmike/Ok2Curl): Convert OkHttp requests into curl logs.
 * [OkHttp AWS Signer](https://github.com/babbel/okhttp-aws-signer): AWS V4 signing algorithm for OkHttp requests
 * [okhttp-digest](https://github.com/rburgst/okhttp-digest): A digest authenticator for OkHttp.

   *     is -1 if signing cert is a lone self-signed certificate.
   */
  private fun verifySignature(
    toVerify: X509Certificate,
    signingCert: X509Certificate,
    minIntermediates: Int,
  ): Boolean {
    if (toVerify.issuerDN != signingCert.subjectDN) {
      return false
    }
    if (signingCert.basicConstraints < minIntermediates) {
      return false // The signer can't have this many intermediates beneath it.
    }

     *
     * It helps to consider the real number signif = absX * 2^(SIGNIFICAND_BITS - exponent).
     */
    int shift = exponent - SIGNIFICAND_BITS - 1;
    long twiceSignifFloor = absX.shiftRight(shift).longValue();
    long signifFloor = twiceSignifFloor >> 1;
    signifFloor &= SIGNIFICAND_MASK; // remove the implied bit

    /*
     * We round up if either the fractional part of signif is strictly greater than 0.5 (which is

Group=${packaging.fess.group}

ExecStart=${packaging.fess.bin.dir}/fess

# Connects standard output to /dev/null
StandardOutput=null

# Connects standard error to journal
StandardError=journal

# When a JVM receives a SIGTERM signal it exits with code 143
SuccessExitStatus=143

# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=${packaging.os.max.open.files}

Certificate Authorities
-----------------------

The above example uses a self-signed certificate. This is convenient for testing but not
representative of real-world HTTPS deployment. To get closer to that we can use `HeldCertificate`
to generate a trusted root certificate, an intermediate certificate, and a server certificate.
We use `certificateAuthority(int)` to create certificates that can sign other certificates. The

 * fingerprint at 4.0 microseconds and md5 at 4.5 microseconds.
 *
 * <p>Note to maintainers: This implementation relies on signed arithmetic being bit-wise equivalent
 * to unsigned arithmetic in all cases except:
 *
 * <ul>
 *   <li>comparisons (signed values can be negative)
 *   <li>division (avoided here)
 *   <li>shifting (right shift must be unsigned)
 * </ul>
 *

 * limitations under the License.
 */
package okhttp3.internal.tls

import java.security.cert.X509Certificate

fun interface TrustRootIndex {
  /** Returns the trusted CA certificate that signed [cert]. */
  fun findByIssuerAndSignature(cert: X509Certificate): X509Certificate?

  }

  @CollectionSize.Require(SEVERAL)
  public void testHigherHole() {
    resetWithHole();
    assertEquals(c, navigableSet.higher(a));
    assertEquals(c, navigableSet.higher(b));
    assertEquals(null, navigableSet.higher(c));
  }

  /*
   * TODO(cpovirk): make "too small" and "too large" elements available for better navigation

  }

  @CollectionSize.Require(SEVERAL)
  public void testHigherHole() {
    resetWithHole();
    assertEquals(c, navigableSet.higher(a));
    assertEquals(c, navigableSet.higher(b));
    assertEquals(null, navigableSet.higher(c));
  }

  /*
   * TODO(cpovirk): make "too small" and "too large" elements available for better navigation

 * fingerprint at 4.0 microseconds and md5 at 4.5 microseconds.
 *
 * <p>Note to maintainers: This implementation relies on signed arithmetic being bit-wise equivalent
 * to unsigned arithmetic in all cases except:
 *
 * <ul>
 *   <li>comparisons (signed values can be negative)
 *   <li>division (avoided here)
 *   <li>shifting (right shift must be unsigned)
 * </ul>
 *