/**
   * Returns the RFC 7235 authorization challenges appropriate for this response's code. If the
   * response code is 401 unauthorized, this returns the "WWW-Authenticate" challenges. If the
   * response code is 407 proxy unauthorized, this returns the "Proxy-Authenticate" challenges.
   * Otherwise this returns an empty list of challenges.
   *

    val response =
      Response.Builder()
        .request(request)
        .code(401)
        .header("WWW-Authenticate", "Basic realm=\"User Visible Realm\"")
        .protocol(HTTP_2)
        .message("Unauthorized")
        .build()
    val authRequest = authenticator.authenticate(route, response)

    assertEquals(
      "Basic ${RecordingAuthenticator.BASE_64_CREDENTIALS}",
      authRequest!!.header("Authorization"),

import java.net.HttpURLConnection.HTTP_MULT_CHOICE
import java.net.HttpURLConnection.HTTP_PROXY_AUTH
import java.net.HttpURLConnection.HTTP_SEE_OTHER
import java.net.HttpURLConnection.HTTP_UNAUTHORIZED
import java.net.HttpURLConnection.HTTP_UNAVAILABLE
import java.net.ProtocolException
import java.net.Proxy
import java.net.SocketTimeoutException
import java.security.cert.CertificateException

   */
  @Test
  fun unauthorizedResponseHandling() {
    val mockResponse =
      MockResponse(
        code = HttpURLConnection.HTTP_UNAUTHORIZED,
        headers = headersOf("WWW-Authenticate", "challenge"),
        body = "Unauthorized",
      )
    server.enqueue(mockResponse)
    server.enqueue(mockResponse)
    server.enqueue(mockResponse)
    val response = getResponse(newRequest("/"))

        .requestIOException()
        .exhaustResponse()
    server.enqueue(
      MockResponse.Builder()
        .clearHeaders()
        .code(HttpURLConnection.HTTP_UNAUTHORIZED)
        .streamHandler(body1)
        .build(),
    )
    val body =
      MockStreamHandler()
        .sendResponse("response body\n")
        .exhaustResponse()

  fun authenticate(
    protocol: Protocol,
    mockWebServer: MockWebServer,
  ) {
    setUp(protocol, mockWebServer)
    server.enqueue(
      MockResponse(
        code = HttpURLConnection.HTTP_UNAUTHORIZED,
        headers = headersOf("www-authenticate", "Basic realm=\"protected area\""),
        body = "Please authenticate.",
      ),
    )
    server.enqueue(
      MockResponse(body = "Successful auth!"),

    when (responseCode) {
      HttpURLConnection.HTTP_PROXY_AUTH -> {
        builder.addHeader("Proxy-Authenticate: Basic realm=\"protected area\"")
      }

      HttpURLConnection.HTTP_UNAUTHORIZED -> {
        builder.addHeader("WWW-Authenticate: Basic realm=\"protected area\"")
      }

      HttpURLConnection.HTTP_NO_CONTENT, HttpURLConnection.HTTP_RESET -> {

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common

                  ),
                ),
                listOf(
                  AttributeTypeAndValue(
                    type = ORGANIZATIONAL_UNIT_NAME,
                    value = "(c) 2009 Entrust, Inc. - for authorized use only",
                  ),
                ),
                listOf(
                  AttributeTypeAndValue(
                    type = COMMON_NAME,

        }
      }
    ```

### Handling authentication ([.kt][AuthenticateKotlin], [.java][AuthenticateJava])

OkHttp can automatically retry unauthenticated requests. When a response is `401 Not Authorized`, an `Authenticator` is asked to supply credentials. Implementations should build a new request that includes the missing credentials. If no credentials are available, return null to skip the retry.