sink.writeByte(node.symbol)
      accumulatorBitCount -= node.terminalBitCount
      node = root
    }
  }

  private fun addCode(
    symbol: Int,
    code: Int,
    codeBitCount: Int,
  ) {
    val terminal = Node(symbol, codeBitCount)

    var accumulatorBitCount = codeBitCount
    var node = root
    while (accumulatorBitCount > 8) {
      accumulatorBitCount -= 8

  }

  @Test
  fun ecdsaSignedByRsa() {
    val root =
      HeldCertificate.Builder()
        .certificateAuthority(0)
        .rsa2048()
        .build()
    val leaf =
      HeldCertificate.Builder()
        .certificateAuthority(0)
        .ecdsa256()
        .signedBy(root)
        .build()
    assertThat(root.certificate.sigAlgName).isEqualTo("SHA256WITHRSA", ignoreCase = true)

   * custom builds of OkHttp please include a qualifier your version name, like "4.7.0-mycompany.3".
   * The version string is configured in the root project's `build.gradle`.
   *
   * Note that OkHttp's runtime version may be different from the version specified in your
   * project's build file due to the dependency resolution features of your build tool.
   *

 *  Fix: Handshake now returns peer certificates in canonical order: each certificate is signed by
    the certificate that follows and the last certificate is signed by a trusted root.

 *  Fix: Don't lose HTTP/2 flow control bytes when incoming data races with a stream close. If this
    happened enough then eventually the connection would stall.

 * chain. The chain terminates in a self-signed "root" certificate. Signing certificates in the
 * middle of the chain are called "intermediates". Organizations that offer certificate signing are
 * called certificate authorities (CAs).
 *
 * Browsers and other HTTP clients need a set of trusted root certificates to authenticate their
 * peers. Sets of root certificates are managed by either the HTTP client (like Firefox), or the

      .isEqualTo(clientHandshake.localCertificates)
  }

  @Test fun keyManager() {
    val root =
      HeldCertificate.Builder()
        .certificateAuthority(1)
        .build()
    val intermediate =
      HeldCertificate.Builder()
        .certificateAuthority(0)
        .signedBy(root)
        .build()
    val certificate =
      HeldCertificate.Builder()
        .signedBy(intermediate)

    platform.assumeNotBouncyCastle()
    serverRootCa =
      HeldCertificate.Builder()
        .serialNumber(1L)
        .certificateAuthority(1)
        .commonName("root")
        .addSubjectAlternativeName("root_ca.com")
        .build()
    serverIntermediateCa =
      HeldCertificate.Builder()
        .signedBy(serverRootCa)
        .certificateAuthority(0)
        .serialNumber(2L)

root = true

[*]
indent_size = 2
ij_continuation_indent_size = 2
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true

[*.{kt, kts}]

    // The typical PKCS11 slot, may vary with different hardware.
    val slot = 0

    val config = "--name=OpenSC\nlibrary=/Library/OpenSC/lib/opensc-pkcs11.so\nslot=$slot\n"

    // May fail with ProviderException with root cause like
    // sun.security.pkcs11.wrapper.PKCS11Exception: CKR_SLOT_ID_INVALID
    val pkcs11 = Security.getProvider("SunPKCS11").configure(config)
    Security.addProvider(pkcs11)

 *     sha256/grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME=: CN=COMODO RSA Certification Authority
 *     sha256/lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU=: CN=AddTrust External CA Root
 * Pinned certificates for publicobject.com:
 *     sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
 *   at okhttp3.CertificatePinner.check(CertificatePinner.java)
 *   at okhttp3.Connection.upgradeToTls(Connection.java)