hpackWriter!!.writeHeaders(headerEntries(":authority", "foo.com"))
    assertBytes(0x41, 7, 'f'.code, 'o'.code, 'o'.code, '.'.code, 'c'.code, 'o'.code, 'm'.code)
    assertThat(hpackWriter!!.headerCount).isEqualTo(1)
    hpackWriter!!.writeHeaders(headerEntries(":authority", "foo.com"))
    assertBytes(0xbe)
    assertThat(hpackWriter!!.headerCount).isEqualTo(1)

     */
    public IAuthenticationResult getAccessToken(final String refreshToken) {
        final String authority = getAuthority() + getTenant() + "/";
        if (logger.isDebugEnabled()) {
            logger.debug("refreshToken: {}, authority: {}", refreshToken, authority);
        }
        try {
            final ConfidentialClientApplication app = ConfidentialClientApplication

 * ```
 *
 * In this example the HTTP client already knows and trusts the last certificate, "Entrust Root
 * Certification Authority - G2". That certificate is used to verify the signature of the
 * intermediate certificate, "Entrust Certification Authority - L1M". The intermediate certificate
 * is used to verify the signature of the "www.squareup.com" certificate.
 *

        .header("Host", "square.com")
        .header("TE", "gzip")
        .build()
    val expected =
      headerEntries(
        ":method",
        "GET",
        ":path",
        "/",
        ":authority",
        "square.com",
        ":scheme",
        "http",
      )
    assertThat(http2HeadersList(request)).isEqualTo(expected)
  }

  @Test fun http2HeadersListDontDropTeIfTrailersHttp2() {

    0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB
    NVOFBkpdn627G190
    -----END CERTIFICATE-----
    """.trimIndent().decodeCertificatePem()

  // CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US
  val entrustRootCertificateAuthority =
    """
    -----BEGIN CERTIFICATE-----

    const val RESPONSE_STATUS_UTF8 = ":status"
    const val TARGET_METHOD_UTF8 = ":method"
    const val TARGET_PATH_UTF8 = ":path"
    const val TARGET_SCHEME_UTF8 = ":scheme"
    const val TARGET_AUTHORITY_UTF8 = ":authority"

    @JvmField val RESPONSE_STATUS: ByteString = RESPONSE_STATUS_UTF8.encodeUtf8()

    @JvmField val TARGET_METHOD: ByteString = TARGET_METHOD_UTF8.encodeUtf8()

    version = "HTTP/2",
  )

private fun requestUrl(
  socket: MockWebServerSocket,
  requestLine: RequestLine,
  headers: Headers,
): HttpUrl {
  val hostAndPort =
    headers[":authority"]
      ?: headers["Host"]
      ?: when (val inetAddress = socket.localAddress) {
        is Inet6Address -> "[${inetAddress.hostAddress}]:${socket.localPort}"

     *
     * The server’s TLS certificate **does not need to be signed** by a trusted certificate
     * authority. Instead, it will trust any well-formed certificate, even if it is self-signed.
     * This is necessary for testing against localhost or in development environments where a
     * certificate authority is not possible.
     *
     * The server’s TLS certificate still must match the requested hostname. For example, if the

      throw UnknownHostException("$hostname: SERVFAIL")
    }

    val questionCount = buf.readShort().toInt() and 0xffff
    val answerCount = buf.readShort().toInt() and 0xffff
    buf.readShort() // authority record count
    buf.readShort() // additional record count

    for (i in 0 until questionCount) {
      skipName(buf) // name
      buf.readShort() // type
      buf.readShort() // class
    }

  /**
   * Describes the request that the server intends to push a response for.
   *
   * @param streamId server-initiated stream ID: an even number.
   * @param requestHeaders minimally includes `:method`, `:scheme`, `:authority`,
   * and `:path`.
   */
  fun onRequest(
    streamId: Int,
    requestHeaders: List<Header>,
  ): Boolean

  /**
   * The response headers corresponding to a pushed request.  When [last] is true, there are