assertThat(actual).isNotNull()
  }

  private fun enableTls() {
    // Generate a self-signed cert for the server to serve and the client to trust.
    // can't use TlsUtil.localhost with a non OpenJSSE trust manager
    val heldCertificate =
      HeldCertificate
        .Builder()
        .commonName("localhost")
        .addSubjectAlternativeName("localhost")
        .build()

MockWebServer server = new MockWebServer();
server.useHttps(serverCertificates.sslSocketFactory(), false);
```

`HandshakeCertificates` also works for clients where its job is to define which root certificates
to trust. In this simplified example we trust the server's self-signed certificate:

```java
HandshakeCertificates clientCertificates = new HandshakeCertificates.Builder()
    .addTrustedCertificate(localhostCertificate.certificate())
    .build();

 *
 * Supported on OpenJDK 8 via the JettyALPN-boot library or Conscrypt.
 *
 * Supported on OpenJDK 9+ via SSLParameters and SSLSocket features.
 *
 * ### Trust Manager Extraction
 *
 * Supported on Android 2.3+ and OpenJDK 7+. There are no public APIs to recover the trust
 * manager that was used to create an [SSLSocketFactory].
 *
 * Not supported by choice on JDK9+ due to access checks.
 *
 * ### Android Cleartext Permit Detection

  val hostname = "local.host"
  private val handshakeCertificates =
    run {
      // Generate a self-signed cert for the server to serve and the client to trust.
      val heldCertificate =
        HeldCertificate
          .Builder()
          .commonName(hostname)
          .addSubjectAlternativeName(hostname)
          .build()
      HandshakeCertificates

    return ListTestSuiteBuilder.using(
            new TestStringListGenerator() {
              @Override
              protected List<String> create(String[] elements) {
                // For this test we trust ArrayList works
                List<String> list = new ArrayList<>();
                Collections.addAll(list, elements);
                return new AbstractSequentialList<String>() {
                  @Override

      }

    /** Sets the trailers and returns this. */
    public fun trailers(trailers: Headers): Builder =
      apply {
        this.trailers_ = trailers.newBuilder()
      }

    /** Don't trust the client during the SSL handshake. */
    public fun failHandshake(): Builder =
      apply {
        failHandshake = true
      }

    /** Trigger [socketEffect] before the request headers are read. */

  @StartStop
  private val server = MockWebServer()

  @BeforeEach
  fun setup() {
    platform.assumeNotBouncyCastle()
  }

  /**
   * The pinner should pull the root certificate from the trust manager.
   */
  @Test
  fun pinRootNotPresentInChain() {
    // Fails on 11.0.1 https://github.com/square/okhttp/issues/4703
    val rootCa =
      HeldCertificate
        .Builder()
        .serialNumber(1L)

    /**
     * By default, if we are handed a value collection bigger than expectedValuesPerKey, presize to
     * accept that many elements.
     *
     * <p>This gets overridden in ImmutableSetMultimap.Builder to only trust the size of {@code
     * values} if it is a Set and therefore probably already deduplicated.
     */
    int expectedValueCollectionSize(int defaultExpectedValues, Iterable<?> values) {

          : new ImmutableSortedSet.Builder<V>(valueComparator, expectedSize);
    }

    @Override
    int expectedValueCollectionSize(int defaultExpectedValues, Iterable<?> values) {
      // Only trust the size of `values` if it is a Set and therefore probably already deduplicated.
      if (values instanceof Set<?>) {
        Set<?> collection = (Set<?>) values;
        return max(defaultExpectedValues, collection.size());

          : new ImmutableSortedSet.Builder<V>(valueComparator, expectedSize);
    }

    @Override
    int expectedValueCollectionSize(int defaultExpectedValues, Iterable<?> values) {
      // Only trust the size of `values` if it is a Set and therefore probably already deduplicated.
      if (values instanceof Set<?>) {
        Set<?> collection = (Set<?>) values;
        return max(defaultExpectedValues, collection.size());