}
  }

  @Test
  fun testBuildIfSupported() {
    val actual = OpenJSSEPlatform.buildIfSupported()
    assertThat(actual).isNotNull()
  }

  private fun enableTls() {
    // Generate a self-signed cert for the server to serve and the client to trust.
    // can't use TlsUtil.localhost with a non OpenJSSE trust manager
    val heldCertificate =
      HeldCertificate.Builder()
        .commonName("localhost")

    val now = System.currentTimeMillis()
    val heldCertificate = HeldCertificate.Builder().build()
    val certificate = heldCertificate.certificate
    assertThat(certificate.getSubjectX500Principal().name, "self-signed")
      .isEqualTo(certificate.getIssuerX500Principal().name)
    assertThat(certificate.getIssuerX500Principal().name).matches(Regex("CN=[0-9a-f-]{36}"))
    assertThat(certificate.serialNumber).isEqualTo(BigInteger.ONE)

      CertificateAdapters.subjectPublicKeyInfo.fromDer(bytes)
    }.also { expected ->
      assertThat(expected.message).isEqualTo("enclosed object too large")
    }
  }

  /** Object identifiers are nominally self-delimiting. Outrun the limit with one. */
  @Test fun `variable length long outruns limit`() {
    val bytes = "060229ffffff7f".decodeHex()
    assertFailsWith<ProtocolException> {

          if (nanos == 0L) return

          // Yield until notified, interrupted, or the duration elapses.
          val waitUntil = nanoTime + nanos
          val self = currentTask
          waitingCoordinatorTask = self
          waitingCoordinatorNotified = false
          waitingCoordinatorInterrupted = false
          yieldUntil {

 */
class AndroidAsyncDnsTest {
  @JvmField @Rule
  val serverRule = MockWebServerRule()
  private lateinit var client: OkHttpClient

  private val localhost: HandshakeCertificates by lazy {
    // Generate a self-signed cert for the server to serve and the client to trust.
    val heldCertificate =
      HeldCertificate.Builder()
        .addSubjectAlternativeName("localhost")
        .build()

    when no certificates were pinned. This avoids an SSL failure in insecure
    “trust everyone” configurations, such as when talking to a development
    HTTPS server that has a self-signed certificate.


## Version 3.1.1

_2016-02-07_

 *  Fix: Don't crash when finding the trust manager if the Play Services (GMS)
    security provider is installed.

 *    other properties.
 *
 * Certificates are signed by other certificates and a sequence of them is called a certificate
 * chain. The chain terminates in a self-signed "root" certificate. Signing certificates in the
 * middle of the chain are called "intermediates". Organizations that offer certificate signing are
 * called certificate authorities (CAs).
 *

 * migrate between certificate authorities. Do not use certificate pinning without the blessing of
 * your server's TLS administrator!
 *
 * ### Note about self-signed certificates
 *
 * [CertificatePinner] can not be used to pin self-signed certificate if such certificate is not
 * accepted by [javax.net.ssl.TrustManager].
 *
 * See also [OWASP: Certificate and Public Key Pinning][owasp].
 *

      // certificate in the chain is itself a self-signed and trusted CA certificate.)
      val trustedCert = trustRootIndex.findByIssuerAndSignature(toVerify)
      if (trustedCert != null) {
        if (result.size > 1 || toVerify != trustedCert) {
          result.add(trustedCert)
        }
        if (verifySignature(trustedCert, trustedCert, result.size - 2)) {
          return result // The self-signed cert is a root CA. We're done.
        }

     * environments and only to carry test data.
     *
     * The server’s TLS certificate **does not need to be signed** by a trusted certificate
     * authority. Instead, it will trust any well-formed certificate, even if it is self-signed.
     * This is necessary for testing against localhost or in development environments where a
     * certificate authority is not possible.
     *