if (!OpenJSSEPlatform.isSupported) {
            System.err.println("Warning: OpenJSSE not available")
          }

          if (System.getProperty("javax.net.debug") == null) {
            System.setProperty("javax.net.debug", "")
          }

          Security.insertProviderAt(OpenJSSE(), 1)

        if (bc != null) {
          return bc
        }
      }

      if (isOpenJSSEPreferred) {
        val openJSSE = OpenJSSEPlatform.buildIfSupported()

        if (openJSSE != null) {
          return openJSSE
        }
      }

      // An Oracle JDK 9 like OpenJDK, or JDK 8 251+.
      val jdk9 = Jdk9Platform.buildIfSupported()

      if (jdk9 != null) {

          java-version: 17

      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@v3

      - name: Run Checks
        run: ./gradlew test -Dtest.java.version=8 -Dokhttp.platform=openjsse

  testconscrypt:
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/master' || contains(github.event.pull_request.labels.*.name, 'conscrypt')

    steps:
      - name: Checkout

 *  Fix: Embed Proguard rules to prevent warnings from tools like DexGuard and R8. These warnings
    were triggered by OkHttp’s feature detection for TLS packages like `org.conscrypt`,
    `org.bouncycastle`, and `org.openjsse`.
 *  Upgrade: Explicitly depend on `kotlin-stdlib-jdk8`. This fixes a problem with dependency
    locking. That's a potential security vulnerability, tracked as [CVE-2022-24329].

	kexAlgoCurve25519SHA256LibSSH = "******@****.***"
	kexAlgoCurve25519SHA256       = "curve25519-sha256"

	chacha20Poly1305ID = "chacha20-poly1305@openssh.com"
	gcm256CipherID     = "aes256-gcm@openssh.com"
	aes128cbcID        = "aes128-cbc"
	tripledescbcID     = "3des-cbc"
)

var (
	errSFTPPublicKeyBadFormat = errors.New("the public key provided could not be parsed")

  $url = ("https://github.com/PowerShell/Win32-OpenSSH/releases/download/" +
          "v7.9.0.0p1-Beta/OpenSSH-Win64.zip")
  $ProgressPreference = 'SilentlyContinue'
  Invoke-WebRequest $url -OutFile C:\openssh-win64.zip

  # Unzip and install open-ssh
  Expand-Archive -Force C:\openssh-win64.zip -DestinationPath $OPENSSH_ROOT
  powershell.exe `
      -ExecutionPolicy Bypass `
      -File "$OPENSSH_ROOT\OpenSSH-Win64\install-sshd.ps1"

/*unchecked*/ void _goboringcrypto_BORINGSSL_bcm_power_on_self_test(void);

// #include <openssl/crypto.h>
int _goboringcrypto_FIPS_mode(void);
void* _goboringcrypto_OPENSSL_malloc(size_t);

// #include <openssl/rand.h>
int _goboringcrypto_RAND_bytes(uint8_t*, size_t);

// #include <openssl/nid.h>
enum {
	GO_NID_md5_sha1 = 114,

	GO_NID_secp224r1 = 713,
	GO_NID_X9_62_prime256v1 = 415,

-----END CERTIFICATE-----
`

	/*

	   > selfSignedCert

	   openssl genrsa -out selfsign.key 1024 && \
	   openssl req -new -x509 -days 36500 \
	   	-sha1 -key selfsign.key  \
	   	-out selfsign.crt \
	   	-subj "/C=US/ST=My State/L=My City/O=My Org/O=My Unit/CN=self1" \
	   	&& \
	   openssl x509 -in selfsign.crt -text


	   > output

	   Certificate:
	       Data:

}

// checkOpenSSLVersion ensures that the version of OpenSSL looks reasonable
// before updating the test data.
func checkOpenSSLVersion() error {
	if !*update {
		return nil
	}

	openssl := exec.Command("openssl", "version")
	output, err := openssl.CombinedOutput()
	if err != nil {
		return err
	}

	version := string(output)
	if strings.HasPrefix(version, "OpenSSL 1.1.1") {
		return nil
	}

    // x509_extensions=x509_extensions
    // [distinguished_name]
    // [req_extensions]
    // [x509_extensions]
    // subjectAltName=DNS:localhost.localdomain,DNS:localhost,IP:127.0.0.1
    //
    // $ openssl req -x509 -nodes -days 36500 -subj '/CN=localhost' -config ./cert.cnf \
    //     -newkey rsa:512 -out cert.pem
    val certificate =
      certificate(
        """
        -----BEGIN CERTIFICATE-----