.certificateAuthority(0)
        .commonName("compromised intermediate")
        .signedBy(pinnedRoot)
        .build()
    val attackerIntermediate =
      HeldCertificate
        .Builder()
        .keyPair(attackerCa.keyPair) // Share keys between compromised CA and intermediate!
        .serialNumber(4L)
        .certificateAuthority(0) // More intermediates than permitted by signer!
        .commonName("attacker intermediate")

 *
 * In this example the HTTP client already knows and trusts the last certificate, "Entrust Root
 * Certification Authority - G2". That certificate is used to verify the signature of the
 * intermediate certificate, "Entrust Certification Authority - L1M". The intermediate certificate
 * is used to verify the signature of the "www.squareup.com" certificate.
 *
 * This roles are reversed for client authentication. In that case the client has a private key and

  private fun buildClient(
    heldCertificate: HeldCertificate?,
    vararg intermediates: X509Certificate,
  ): OkHttpClient {
    val builder =
      HandshakeCertificates
        .Builder()
        .addTrustedCertificate(serverRootCa.certificate)
    if (heldCertificate != null) {
      builder.heldCertificate(heldCertificate, *intermediates)
    }
    val handshakeCertificates = builder.build()
    return clientTestRule

 *  Fix: Don't crash loading the public suffix database resource in obfuscated builds.
 *  Fix: Don't silently ignore calls to `EventSource.cancel()` made from
    `EventSourceListener.onOpen()`.
 *  Fix: Enforce the max intermediates constraint when using pinned certificates with Conscrypt.
    This impacts Conscrypt when the server's presented certificates form both a trusted-but-unpinned
    chain and an untrusted-but-pinned chain.

## Changelog since v1.2.6

### Other notable changes

* Test x509 intermediates correctly ([#34524](https://github.com/kubernetes/kubernetes/pull/34524), [@liggitt](https://github.com/liggitt))



# v1.2.6

    assertThrows(IllegalArgumentException.class, () -> intermediate.indexes(1, -1, 3));
  }

  public void testScale_indexes_varargs_tooHigh() {
    Quantiles.Scale intermediate = Quantiles.scale(10);
    assertThrows(IllegalArgumentException.class, () -> intermediate.indexes(1, 11, 3));
  }

  public void testScale_indexes_collection_negative() {

    assertThrows(IllegalArgumentException.class, () -> intermediate.indexes(1, -1, 3));
  }

  public void testScale_indexes_varargs_tooHigh() {
    Quantiles.Scale intermediate = Quantiles.scale(10);
    assertThrows(IllegalArgumentException.class, () -> intermediate.indexes(1, 11, 3));
  }

  public void testScale_indexes_collection_negative() {

   *
   * <p>This uses an efficient binary recursive algorithm to compute the factorial with balanced
   * multiplies. It also removes all the 2s from the intermediate products (shifting them back in at
   * the end).
   *
   * @throws IllegalArgumentException if {@code n < 0}
   */
  public static BigInteger factorial(int n) {
    checkNonNegative("n", n);

  public boolean removeIfZero(K key) {
    return remove(key, 0);
  }

  /**
   * Removes all mappings from this map whose values are zero.
   *
   * <p>This method is not atomic: the map may be visible in intermediate states, where some of the
   * zero values have been removed and others have not.
   */
  public void removeAllZeros() {
    map.values().removeIf(x -> x == 0);
  }

  /**

We’ve included deprecated APIs in OkHttp 4.0 because they make migration easy. We will remove them
in a future release! If you’re skipping releases, it’ll be much easier if you upgrade to OkHttp 4.0
as an intermediate step.

#### Vars and Vals

Java doesn’t have language support for properties so developers make do with getters and setters.
Kotlin does have properties and we take advantage of them in OkHttp.