/*
     * TODO(cpovirk): move ForwardingTestCase somewhere common, and use it to
     * test the forwarded methods
     */
  }

  @AndroidIncompatible // Mocking ExecutorService is forbidden there. TODO(b/218700094): Don't mock.
  public void testListeningDecorator_noWrapExecuteTask() {
    ExecutorService delegate = mock(ExecutorService.class);
    ListeningExecutorService service = listeningDecorator(delegate);

    /*
     * TODO(cpovirk): move ForwardingTestCase somewhere common, and use it to
     * test the forwarded methods
     */
  }

  @AndroidIncompatible // Mocking ExecutorService is forbidden there. TODO(b/218700094): Don't mock.
  public void testListeningDecorator_noWrapExecuteTask() {
    ExecutorService delegate = mock(ExecutorService.class);
    ListeningExecutorService service = listeningDecorator(delegate);

func TestKMSHandlersCreateKey(t *testing.T) {
	adminTestBed, tearDown := setupKMSTest(t, true)
	defer tearDown()

	tests := []kmsTestCase{
		// Create key test
		{
			name:   "create key as user with no policy want forbidden",
			method: http.MethodPost,
			path:   kmsKeyCreatePath,
			query:  map[string]string{"key-id": "new-test-key"},
			asRoot: false,

			wantStatusCode: http.StatusForbidden,

    }

  fun test(component: Component) =
    apply {
      for ((codePoint, encoding) in encodings) {
        val codePointString = Encoding.IDENTITY.encode(codePoint)
        if (encoding == Encoding.FORBIDDEN) {
          testForbidden(codePoint, codePointString, component)
          continue
        }
        if (encoding == Encoding.PUNYCODE) {
          testPunycode(codePointString, component)
          continue

  //  2. Permitted subjects: and behavior when a disallowed subject is requested.
  //  3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested.
  //  4. Required, permitted, or forbidden key usages / extended key usages.

  // +optional
  repeated string allowedUnsafeSysctls = 19;

  // forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none.
  // Each entry is either a plain sysctl name or ends in "*" in which case it is considered
  // as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
  //
  // Examples:
  // e.g. "foo/*" forbids "foo/bar", "foo/baz", etc.

                        } else {
                            responseData.setResponseBody(file, false);
                        }
                    }
                } else {
                    // Forbidden
                    responseData.setHttpStatusCode(Constants.FORBIDDEN_STATUS_CODE);
                    responseData.setMimeType(APPLICATION_OCTET_STREAM);
                }
            } else if (file.isDirectory()) {

    if (cacheCandidate != null && cacheResponse == null) {
      // The cache candidate wasn't applicable. Close it.
      cacheCandidate.body.closeQuietly()
    }

    // If we're forbidden from using the network and the cache is insufficient, fail.
    if (networkRequest == null && cacheResponse == null) {
      return Response.Builder()
        .request(chain.request())
        .protocol(Protocol.HTTP_1_1)

	"Bad Request":                     http.StatusBadRequest,
	"Unauthorized":                    http.StatusUnauthorized,
	"Payment Required":                http.StatusPaymentRequired,
	"Forbidden":                       http.StatusForbidden,
	"Not Found":                       http.StatusNotFound,
	"Method Not Allowed":              http.StatusMethodNotAllowed,
	"Not Acceptable":                  http.StatusNotAcceptable,

   * sent.
   */
  private fun recover(
    e: IOException,
    call: RealCall,
    userRequest: Request,
    requestSendStarted: Boolean,
  ): Boolean {
    // The application layer has forbidden retries.
    if (!client.retryOnConnectionFailure) return false

    // We can't send the request body again.
    if (requestSendStarted && requestIsOneShot(e, userRequest)) return false