* a chain of certificates. The server uses a set of trusted root certificates to authenticate the
 * client. Subject alternative names are not used for client authentication.
 */
@Suppress("DEPRECATION")
class HeldCertificate(
  @get:JvmName("keyPair") val keyPair: KeyPair,
  @get:JvmName("certificate") val certificate: X509Certificate,
) {
  @JvmName("-deprecated_certificate")
  @Deprecated(
    message = "moved to val",

  private val server = MockWebServer()

  private lateinit var serverRootCa: HeldCertificate
  private lateinit var serverIntermediateCa: HeldCertificate
  private lateinit var serverCert: HeldCertificate
  private lateinit var clientRootCa: HeldCertificate
  private lateinit var clientIntermediateCa: HeldCertificate
  private lateinit var clientCert: HeldCertificate

  @BeforeEach
  fun setUp() {
    platform.assumeNotOpenJSSE()

  fun pinRootNotPresentInChain() {
    // Fails on 11.0.1 https://github.com/square/okhttp/issues/4703
    val rootCa =
      HeldCertificate
        .Builder()
        .serialNumber(1L)
        .certificateAuthority(1)
        .commonName("root")
        .build()
    val intermediateCa =
      HeldCertificate
        .Builder()
        .signedBy(rootCa)
        .certificateAuthority(0)
        .serialNumber(2L)

    val heldCertificate: HeldCertificate = HeldCertificate.Builder().build()
    builder = builder.heldCertificate(heldCertificate, heldCertificate.certificate())
    builder = builder.addTrustedCertificate(heldCertificate.certificate())
  }

  @Test @Disabled
  fun heldCertificate() {
    val heldCertificate: HeldCertificate = HeldCertificate.Builder().build()

  @Test
  fun commonName() {
    val heldCertificate =
      HeldCertificate
        .Builder()
        .commonName("cash.app")
        .build()
    val certificate = heldCertificate.certificate
    assertThat(certificate.getSubjectX500Principal().name).isEqualTo("CN=cash.app")
  }

  @Test
  fun organizationalUnit() {
    val heldCertificate =
      HeldCertificate
        .Builder()

  @Test
  fun heldCertificate() {
    val heldCertificate: HeldCertificate = HeldCertificate.Builder().build()
    val certificate: X509Certificate = heldCertificate.certificate
    val keyPair: KeyPair = heldCertificate.keyPair
    val certificatePem: String = heldCertificate.certificatePem()
    val privateKeyPkcs8Pem: String = heldCertificate.privateKeyPkcs8Pem()
    val privateKeyPkcs1Pem: String = heldCertificate.privateKeyPkcs1Pem()
  }

  companion object {
    val certA1 =
      HeldCertificate
        .Builder()
        .serialNumber(100L)
        .build()
    val certA1Sha256Pin = pin(certA1.certificate)
    val certB1 =
      HeldCertificate
        .Builder()
        .serialNumber(200L)
        .build()
    val certB1Sha256Pin = pin(certB1.certificate)
    val certC1 =
      HeldCertificate
        .Builder()
        .serialNumber(300L)

    assertThat(encoded).isEqualTo(privateKeyInfoByteString)
  }

  @Test
  fun `RSA issuer and signature`() {
    val root =
      HeldCertificate
        .Builder()
        .certificateAuthority(0)
        .rsa2048()
        .build()
    val certificate =
      HeldCertificate
        .Builder()
        .signedBy(root)
        .rsa2048()
        .build()

  }

  @Test fun generatedCertificate() {
    val heldCertificate =
      HeldCertificate
        .Builder()
        .commonName("Foo Corp")
        .addSubjectAlternativeName("foo.com")
        .build()
    val session = session(heldCertificate.certificatePem())
    assertThat(verifier.verify("foo.com", session)).isTrue()

  private lateinit var rootCa: HeldCertificate
  private lateinit var certificate: HeldCertificate
  private val dns = FakeDns()
  private lateinit var url: HttpUrl
  private lateinit var serverIps: List<InetAddress>

  @BeforeEach
  fun setUp() {
    platform.assumeHttp2Support()
    platform.assumeNotBouncyCastle()
    rootCa =
      HeldCertificate
        .Builder()
        .serialNumber(1L)