|
      """.trimMargin()
    val pkcs8Pem =
      """
      |-----BEGIN PRIVATE KEY-----
      |MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCA7ODT0xhGSNn4ESj6J
      |lu/GJQZoU9lDrCPeUcQ28tzOWw==
      |-----END PRIVATE KEY-----
      |
      """.trimMargin()
    val bcPkcs8Pem =
      """
      |-----BEGIN PRIVATE KEY-----
      |ME0CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEMzAxAgEBBCA7ODT0xhGSNn4ESj6J

    the proxy selectors are different. Ugh!


## Version 4.2.0

_2019-09-10_

 *  New: API to decode a certificate and private key to create a `HeldCertificate`. This accepts a
    string containing both a certificate and PKCS #8-encoded private key.

    ```kotlin
    val heldCertificate = HeldCertificate.decode("""
        |-----BEGIN CERTIFICATE-----

 * accepted by [javax.net.ssl.TrustManager].
 *
 * See also [OWASP: Certificate and Public Key Pinning][owasp].
 *
 * [charles]: http://charlesproxy.com
 * [fiddler]: http://fiddlertool.com
 * [langley]: http://goo.gl/AIx3e5
 * [owasp]: https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning
 * [rfc_7469]: http://tools.ietf.org/html/rfc7469
 * [static_certificates]: http://goo.gl/XDh6je
 */

        // https://tools.ietf.org/html/rfc4055#section-2.1
        ObjectIdentifiers.SHA256_WITH_RSA_ENCRYPTION -> Adapters.NULL
        ObjectIdentifiers.RSA_ENCRYPTION -> Adapters.NULL
        ObjectIdentifiers.EC_PUBLIC_KEY -> Adapters.OBJECT_IDENTIFIER
        else -> null
      }
    }

  /**
   * ```
   * AlgorithmIdentifier ::= SEQUENCE  {
   *   algorithm      OBJECT IDENTIFIER,

    for (entry in lruEntries.values.toTypedArray()) {
      removeEntry(entry)
    }
    mostRecentTrimFailed = false
  }

  private fun validateKey(key: String) {
    require(LEGAL_KEY_PATTERN.matches(key)) { "keys must match regex [a-z0-9_-]{1,120}: \"$key\"" }
  }

  /**
   * Returns an iterator over the cache's current entries. This iterator doesn't throw

 *    or after it ends.
 *
 *  * **A public key.** This cryptographic key is used for asymmetric encryption digital signatures.
 *    Note that the private key is not a part of the certificate!
 *
 *  * **A signature issued by another certificate's private key.** This mechanism allows a trusted
 *    third-party to endorse a certificate. Third parties should only endorse certificates once

  private var requestCount = 0

  val isClosed: Boolean
    get() = cache.isClosed()

  internal fun get(request: Request): Response? {
    val key = key(request.url)
    val snapshot: DiskLruCache.Snapshot =
      try {
        cache[key] ?: return null
      } catch (_: IOException) {
        return null // Give up because the cache cannot be read.
      }

    val entry: Entry =
      try {

      "GET /a/deep/path?key=foo%20bar HTTP/1.1",
    )
    val requestUrl = request.requestUrl
    assertThat(requestUrl!!.scheme).isEqualTo("http")
    assertThat(requestUrl.host).isEqualTo(server.hostName)
    assertThat(requestUrl.port).isEqualTo(server.port)
    assertThat(requestUrl.encodedPath).isEqualTo("/a/deep/path")
    assertThat(requestUrl.queryParameter("key")).isEqualTo("foo bar")
  }

  @Test

   * Otherwise this returns an empty list of challenges.
   *
   * If a challenge uses the `token68` variant instead of auth params, there is exactly one
   * auth param in the challenge at key null. Invalid headers and challenges are ignored.
   * No semantic validation is done, for example that `Basic` auth must have a `realm`
   * auth param, this is up to the caller that interprets these challenges.
   */

  fun headers(name: String): List<String> = commonHeaders(name)

  /** Returns the tag attached with [T] as a key, or null if no tag is attached with that key. */
  @JvmName("reifiedTag")
  inline fun <reified T : Any> tag(): T? = tag(T::class)

  /** Returns the tag attached with [type] as a key, or null if no tag is attached with that key. */
  fun <T : Any> tag(type: KClass<T>): T? = type.java.cast(tags[type])

  /**