@SuppressLint("NewApi")
  @IgnoreJRERequirement // This function is overridden to require API >= 24.
  open fun getHandshakeServerNames(sslSocket: SSLSocket): List<String> {
    val session = sslSocket.session as? ExtendedSSLSession ?: return listOf()
    return session.requestedServerNames.mapNotNull { (it as? SNIHostName)?.asciiName }
  }

  @Throws(IOException::class)
  open fun connectSocket(
    socket: Socket,

        .build()
    val session = session(heldCertificate.certificatePem())
    assertThat(verifier.verify("foo.com", session)).isFalse()
    assertThat(verifier.verify("bar.com", session)).isFalse()
    assertThat(verifier.verify("k.com", session)).isTrue()
    assertThat(verifier.verify("K.com", session)).isTrue()
    assertThat(verifier.verify("\u2121.com", session)).isFalse()

        .sslSocketFactory(CustomSSLSocketFactory(client.sslSocketFactory), client.x509TrustManager!!)
        .hostnameVerifier { hostname, session ->
          val s = "hostname: $hostname peerHost:${session.peerHost}"
          Log.d("SniOverrideTest", s)
          try {
            val cert = session.peerCertificates[0] as X509Certificate
            for (name in cert.subjectAlternativeNames) {
              if (name[0] as Int == 2) {

      return new MockResponse()
          .setResponseCode(404)
          .setBody("unexpected request");
    }

    try {
      OAuthSession session = slackApi.exchangeCode(code, redirectUrl());
      listener.sessionGranted(session);
    } catch (IOException e) {
      return new MockResponse()
          .setResponseCode(400)
          .setBody("code exchange failed: " + e.getMessage());
    }

          ) as SSLSocket
        sslSocket.use {
          sslSocket.useClientMode = false
          sslSocket.wantClientAuth = true
          sslSocket.startHandshake()
          return@submit sslSocket.session.handshake()
        }
      }
    }
  }

  private fun doClientHandshake(
    client: HandshakeCertificates,
    serverAddress: InetSocketAddress,
  ): Future<Handshake> {

  private const val ALT_DNS_NAME = 2
  private const val ALT_IPA_NAME = 7

  override fun verify(
    host: String,
    session: SSLSession,
  ): Boolean {
    return if (!host.isAscii()) {
      false
    } else {
      try {
        verify(host, session.peerCertificates[0] as X509Certificate)
      } catch (_: SSLException) {
        false
      }
    }
  }

  fun verify(

 *
 * As policy, implementations of this interface are responsible for selecting which cookies to
 * accept and which to reject. A reasonable policy is to reject all cookies, though that may
 * interfere with session-based authentication schemes that require cookies.
 *
 * As persistence, implementations of this interface must also provide storage of cookies. Simple

    val tls_compression_supported: Boolean,
    val ephemeral_keys_supported: Boolean,
    val rating: String,
    val tls_version: String,
    val able_to_detect_n_minus_one_splitting: Boolean,
    val insecure_cipher_suites: Map<String, List<String>>,
    val given_cipher_suites: List<String>?,
  )

  @Test
  @Disabled
  fun testSSLFeatures() {
    assumeNetwork()

    // Force reuse. This appears flaky (30% of the time) even though sessions are reused.
    // javax.net.ssl.SSLHandshakeException: No new session is allowed and no existing
    // session can be resumed
    //
    // Report https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8264944
    // Sessions improvement https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8245576

   * cleartext and may be monitored or blocked by a proxy or other middlebox.
   */
  val handshakeServerNames: List<String>

  init {
    if (socket is SSLSocket) {
      try {
        this.handshake = socket.session.handshake()
        this.handshakeServerNames = Platform.get().getHandshakeServerNames(socket)
      } catch (e: IOException) {
        throw IllegalArgumentException(e)
      }
    } else {
      this.handshake = null