init {
        val trustManager = trustManagerForCertificates(trustedCertificatesInputStream())
        val sslContext = SSLContext.getInstance("TLS")
        sslContext.init(null, arrayOf<TrustManager>(trustManager), null)
        val sslSocketFactory = sslContext.socketFactory

        client = OkHttpClient.Builder()
            .sslSocketFactory(sslSocketFactory, trustManager)
            .build()
      }

  }

  open fun buildCertificateChainCleaner(trustManager: X509TrustManager): CertificateChainCleaner =
    BasicCertificateChainCleaner(buildTrustRootIndex(trustManager))

  open fun buildTrustRootIndex(trustManager: X509TrustManager): TrustRootIndex = BasicTrustRootIndex(*trustManager.acceptedIssuers)

  open fun newSslSocketFactory(trustManager: X509TrustManager): SSLSocketFactory {
    try {

    val sslContext =
      Platform.get().newSSLContext().apply {
        init(null, arrayOf(trustManager), null)
      }
    val sslSocketFactory = sslContext.socketFactory

    val hostnameVerifier = HostnameVerifier { _, _ -> true }

    client =
      client
        .newBuilder()
        .sslSocketFactory(sslSocketFactory, trustManager)
        .hostnameVerifier(hostnameVerifier)
        .build()

      Conscrypt.getApplicationProtocol(sslSocket)
    } else {
      super.getSelectedProtocol(sslSocket)
    }

  override fun newSslSocketFactory(trustManager: X509TrustManager): SSLSocketFactory =
    newSSLContext()
      .apply {
        init(null, arrayOf<TrustManager>(trustManager), null)
      }.socketFactory

  companion object {
    val isSupported: Boolean =
      try {

        )
      val trustManager =
        newTrustManager(
          null,
          Arrays.asList(serverRootCa.certificate, clientRootCa.certificate),
          emptyList(),
        )
      val sslContext = SSLContext.getInstance("TLS")
      sslContext.init(
        arrayOf<KeyManager>(keyManager),
        arrayOf<TrustManager>(trustManager),
        SecureRandom(),
      )

        override fun connectFailed(
          uri: URI,
          socketAddress: SocketAddress,
          e: IOException,
        ) {}
      }

    val trustManager = get().platformTrustManager()
    val sslContext = get().newSSLContext()
    sslContext.init(null, null, null)

    // new client, may share all same fields but likely different connection pool
    assertNotSame(

    val x509KeyManager = newKeyManager(keystoreType, heldCertificate, *intermediates)
    val trustManager =
      newTrustManager(
        keystoreType,
        emptyList(),
        emptyList(),
      )
    val sslContext = get().newSSLContext()
    sslContext.init(
      arrayOf<KeyManager>(x509KeyManager),
      arrayOf<TrustManager>(trustManager),
      SecureRandom(),
    )
    return sslContext.socketFactory
  }

     * sslContext.init(null, new TrustManager[] { trustManager }, null);
     * SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
     *
     * OkHttpClient client = new OkHttpClient.Builder()
     *     .sslSocketFactory(sslSocketFactory, trustManager)
     *     .build();
     * ```
     *
     * ## TrustManagers on Android are Weird!
     *

      }
    } catch (e: UnsupportedOperationException) {
      // https://docs.oracle.com/javase/9/docs/api/javax/net/ssl/SSLSocket.html#getApplicationProtocol--
      null
    }

  override fun trustManager(sslSocketFactory: SSLSocketFactory): X509TrustManager? {
    // Not supported due to access checks on JDK 9+:
    // java.lang.reflect.InaccessibleObjectException: Unable to make member of class

      "Unexpected default trust managers: ${trustManagers.contentToString()}"
    }
    return trustManagers[0] as X509TrustManager
  }

  override fun trustManager(sslSocketFactory: SSLSocketFactory): X509TrustManager =
    throw UnsupportedOperationException(
      "clientBuilder.sslSocketFactory(SSLSocketFactory) not supported with OpenJSSE",
    )