if (!decodeIpv4Suffix(input, groupOffset, limit, address, b - 2)) return null
        b += 2 // We rewound two bytes and then added four.
        break
      } else {
        return null // Wrong delimiter.
      }
    }

    // Read a group, one to four hex digits.
    var value = 0
    groupOffset = i
    while (i < limit) {
      val hexDigit = input[i].parseHexDigit()

      private var canRemove = false

      override fun hasNext(): Boolean {
        if (nextUrl != null) return true

        canRemove = false // Prevent delegate.remove() on the wrong item!
        while (delegate.hasNext()) {
          try {
            delegate.next().use { snapshot ->
              val metadata = snapshot.getSource(ENTRY_METADATA).buffer()

  fun reconnectingToNonWebSocket() {
    for (i in 0..29) {
      webServer.enqueue(
        MockResponse.Builder()
          .bodyDelay(100, TimeUnit.MILLISECONDS)
          .body("Wrong endpoint")
          .code(401)
          .build(),
      )
    }
    val request =
      Request.Builder()
        .url(webServer.url("/"))
        .build()

    of unacknowledged data per stream and no per-connection limit.

 *  Fix: Don't close a `Deflater` while we're still using it to compress a web socket message. We
    had a severe bug where web sockets were closed on the wrong thread, which caused
    `NullPointerException` crashes in `Deflater`.

 *  Fix: Don't crash after a web socket fails its connection upgrade. We incorrectly released

   * connection is fine the ping will receive a pong; otherwise it won't.
   *
   * The deadline to respond to this ping attempts to limit the cost of being wrong. If it is too
   * long, streams created while we await the pong will reuse broken connections and inevitably
   * fail. If it is too short, slow connections will be marked as failed and extra TCP and TLS

            byteString = okHttpCertificate.signatureValue.byteString.offByOneBit(),
          ),
      )
    assertThat(okHttpCertificateWithBadSignature.checkSignature(root.keyPair.public)).isFalse()

    // Wrong public key.
    assertThat(okHttpCertificate.checkSignature(certificate.keyPair.public)).isFalse()
  }

  @Test
  fun `EC issuer and signature`() {
    val root =
      HeldCertificate.Builder()

   *             -> pinnedIntermediate (trusted by CertificatePinner)
   *                 -> attackerSwitch (not a CA certificate!)
   *                     -> phonyVictim
   * ```
   *
   * But this chain is wrong because the attackerSwitch certificate is being used in a CA role even
   * though it is not a CA certificate. There are pinned certificates in the chain! The correct
   * chain is much shorter because it skips the non-CA certificate.

gr.eu.org gr.it gr.jp grainger grajewo.pl gran.no grandrapids.museum grane.no granvin.no graphics graphox.us gratangen.no gratis graz.museum greater.jp green greta.fr grimstad.no gripe griw.gov.pl grocery groks-the.info groks-this.info grondar.za grong.no grosseto.it groundhandling.aero group group.aero grozny.ru grozny.su grp.lk gru.br grue.no gs gs.aa.no gs.ah.no gs.bu.no gs.cn gs.fm.no gs.hl.no gs.hm.no gs.jan-mayen.no gs.mr.no gs.nl.no gs.nt.no gs.of.no gs.ol.no gs.oslo.no gs.rl.no gs.sf.no gs.st.no...