*/

  /**
   * Padded variant of AtomicLong supporting only raw accesses plus CAS. The value field is placed
   * between pads, hoping that the JVM doesn't reorder them.
   *
   * <p>JVM intrinsics note: It would be possible to use a release-only form of CAS here, if it were
   * provided.
   */
  static final class Cell {
    volatile long p0, p1, p2, p3, p4, p5, p6;

// Some Android 5.0.x Samsung devices have bugs in JDK reflection APIs that cause
// getDeclaredField to throw a NoSuchFieldException when the field is definitely there.
// Since this class only needs CAS on one field, we can avoid this bug by extending AtomicReference
// instead of using an AtomicReferenceFieldUpdater. This reference stores Thread instances
// and DONE/INTERRUPTED - they have a common ancestor of Runnable.

     */
    Waiter(boolean unused) {}

    Waiter() {
      // avoid volatile write, write is made visible by subsequent CAS on waitersField field
      putThread(this, Thread.currentThread());
    }

    // non-volatile write to the next field. Should be made visible by a subsequent CAS on
    // waitersField.
    void setNext(@Nullable Waiter next) {
      putNext(this, next);
    }

    void unpark() {

     */
    Waiter(boolean unused) {}

    Waiter() {
      // avoid volatile write, write is made visible by subsequent CAS on waitersField field
      putThread(this, Thread.currentThread());
    }

    // non-volatile write to the next field. Should be made visible by a subsequent CAS on
    // waitersField.
    void setNext(@Nullable Waiter next) {
      putNext(this, next);
    }

    void unpark() {

            // throwables or completion values.
            newFuture.setFuture(oldFuture);
          } else if (outputFuture.isCancelled() && taskExecutor.trySetCancelled()) {
            // If this CAS succeeds, we know that the provided callable will never be invoked,
            // so when oldFuture completes it is safe to allow the next submitted task to

    // The attacker compromises the root CA, issues an intermediate with the same common name
    // "intermediate_ca" as the good CA. This signs a rogue certificate for localhost. The server
    // serves the good CAs certificate in the chain, which means the certificate pinner sees a
    // different set of certificates than the SSL verifier.
    val compromisedIntermediateCa =
      HeldCertificate
        .Builder()

internal object CertificateAdapters {
  /**
   * ```
   * Time ::= CHOICE {
   *   utcTime        UTCTime,
   *   generalTime    GeneralizedTime
   * }
   * ```
   *
   * RFC 5280, section 4.1.2.5:
   *
   * > CAs conforming to this profile MUST always encode certificate validity dates through the year
   * > 2049 as UTCTime; certificate validity dates in 2050 or later MUST be encoded as
   * > GeneralizedTime.
   */

     * #COMPLETED}, {@link #CANCELLED}, or {@link #INTERRUPTED}
     *
     * <p>To avoid races between threads doing release and acquire, we transition to the final state
     * in two steps. One thread will successfully CAS from RUNNING to COMPLETING, that thread will
     * then set the result of the computation, and only then transition to COMPLETED, CANCELLED, or
     * INTERRUPTED.
     *

 * chain. The chain terminates in a self-signed "root" certificate. Signing certificates in the
 * middle of the chain are called "intermediates". Organizations that offer certificate signing are
 * called certificate authorities (CAs).
 *
 * Browsers and other HTTP clients need a set of trusted root certificates to authenticate their
 * peers. Sets of root certificates are managed by either the HTTP client (like Firefox), or the