hpackWriter!!.writeHeaders(headerEntries(":authority", "foo.com"))
    assertBytes(0x41, 7, 'f'.code, 'o'.code, 'o'.code, '.'.code, 'c'.code, 'o'.code, 'm'.code)
    assertThat(hpackWriter!!.headerCount).isEqualTo(1)
    hpackWriter!!.writeHeaders(headerEntries(":authority", "foo.com"))
    assertBytes(0xbe)
    assertThat(hpackWriter!!.headerCount).isEqualTo(1)

 * ```
 *
 * In this example the HTTP client already knows and trusts the last certificate, "Entrust Root
 * Certification Authority - G2". That certificate is used to verify the signature of the
 * intermediate certificate, "Entrust Certification Authority - L1M". The intermediate certificate
 * is used to verify the signature of the "www.squareup.com" certificate.
 *

certificate authorities of the host platform. This strategy maximizes connectivity, but it is subject to certificate authority attacks such as the [2011 DigiNotar attack](https://www.computerworld.com/article/2510951/cybercrime-hacking/hackers-spied-on-300-000-iranians-using-fake-google-certificate.html). It also assumes your HTTPS servers’ certificates are signed by a certificate authority.

Use [CertificatePinner](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-certificate-pinner/) to restrict...

 *     sha256/klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY=: CN=COMODO RSA Secure Server CA
 *     sha256/grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME=: CN=COMODO RSA Certification Authority
 *     sha256/lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU=: CN=AddTrust External CA Root
 * Pinned certificates for publicobject.com:
 *     sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

   *
   * @param streamId client-initiated stream ID.  Must be an odd number.
   * @param promisedStreamId server-initiated stream ID.  Must be an even number.
   * @param requestHeaders minimally includes `:method`, `:scheme`, `:authority`, and `:path`.
   */
  @Throws(IOException::class)
  fun pushPromise(
    streamId: Int,
    promisedStreamId: Int,
    requestHeaders: List<Header>,
  ) {
    this.withLock {

    // Adapt the request and response into our Request and Response domain model.
    val scheme = if (request.handshake != null) "https" else "http"
    val authority = request.headers["Host"] // Has host and port.
    val fancyRequest =
      Request.Builder()
        .url("$scheme://$authority/")
        .headers(request.headers)
        .build()
    val fancyResponse =
      Response.Builder()
        .code(webSocketResponse.code)

     * @param streamId client-initiated stream ID.  Must be an odd number.
     * @param promisedStreamId server-initiated stream ID.  Must be an even number.
     * @param requestHeaders minimally includes `:method`, `:scheme`, `:authority`, and `:path`.
     */
    @Throws(IOException::class)
    fun pushPromise(
      streamId: Int,
      promisedStreamId: Int,
      requestHeaders: List<Header>,
    )

    /**

              writeByteString(value)
              insertIntoDynamicTable(header)
            }
            name.startsWith(Header.PSEUDO_PREFIX) && TARGET_AUTHORITY != name -> {
              // Follow Chromes lead - only include the :authority pseudo header, but exclude all other
              // pseudo headers. Literal Header Field without Indexing - Indexed Name.
              writeInt(headerNameIndex, PREFIX_4_BITS, 0)

                  ),
                ),
                listOf(
                  AttributeTypeAndValue(
                    type = COMMON_NAME,
                    value = "Entrust Root Certification Authority",
                  ),
                ),
              ),
            validity =
              Validity(
                notBefore = 1411406097000L,
                notAfter = 1727055113000L,

   * signed by the compromised CA's certificate and uses it in a non-CA certificate. They ask the
   * pinned CA above to sign it for non-certificate-authority uses:
   *
   * ```
   *   pinnedRoot (trusted by CertificatePinner)
   *     -> pinnedIntermediate (trusted by CertificatePinner)
   *         -> attackerSwitch
   * ```
   *