*    from the peer.
 *
 * Web sockets may fail due to HTTP upgrade problems, connectivity problems, or if either peer
 * chooses to short-circuit the graceful shutdown process:
 *
 *  * **Canceled:** the web socket connection failed. Messages that were successfully enqueued by
 *    either peer may not have been transmitted to the other.
 *

 * called certificate authorities (CAs).
 *
 * Browsers and other HTTP clients need a set of trusted root certificates to authenticate their
 * peers. Sets of root certificates are managed by either the HTTP client (like Firefox), or the
 * host platform (like Android). In July 2018 Android had 134 trusted root certificates for its HTTP
 * clients to trust.
 *

      }
    }

    /**
     * Apply inbound settings and send an acknowledgement to the peer that provided them.
     *
     * We need to apply the settings and ack them atomically. This is because some HTTP/2
     * implementations (nghttp2) forbid peers from taking advantage of settings before they have
     * acknowledged! In particular, we shouldn't send frames that assume a new `initialWindowSize`

    replaceWith = ReplaceWith(expression = "peerCertificates"),
    level = DeprecationLevel.ERROR,
  )
  fun peerCertificates(): List<Certificate> = peerCertificates

  /** Returns the remote peer's principle, or null if that peer is anonymous. */
  @get:JvmName("peerPrincipal")
  val peerPrincipal: Principal?
    get() = (peerCertificates.firstOrNull() as? X509Certificate)?.subjectX500Principal

  @JvmName("-deprecated_peerPrincipal")

    fun ackSettings()

    /**
     * Read a connection-level ping from the peer. `ack` indicates this is a reply. The data
     * in `payload1` and `payload2` opaque binary, and there are no rules on the content.
     */
    fun ping(
      ack: Boolean,
      payload1: Int,
      payload2: Int,
    )

    /**
     * The peer tells us to stop creating streams. It is safe to replay streams with

    return result
  }

  class Builder {
    internal val namesAndValues: MutableList<String> = ArrayList(20)

    /**
     * Add a header line without any validation. Only appropriate for headers from the remote peer
     * or cache.
     */
    internal fun addLenient(line: String) =
      apply {
        val index = line.indexOf(':', 1)
        when {
          index != -1 -> {

  }

  @Test
  fun serverTruncatesRequestOnLongPostHttp1() {
    // "java.net.SocketException: Socket closed" thrown reading response after
    // "java.net.SocketException: Connection reset by peer" writing request
    assumeNotWindows()

    serverTruncatesRequestOnLongPost(https = false)
  }

  @Test
  fun serverTruncatesRequestOnLongPostHttp2() {
    enableProtocol(Protocol.HTTP_2)

  @Suppress("UNCHECKED_CAST")
  @Throws(SSLPeerUnverifiedException::class)
  override fun getPeerCertificates(): Array<Certificate> =
    if (certificates.isEmpty()) {
      throw SSLPeerUnverifiedException("peer not authenticated")
    } else {
      certificates as Array<Certificate>
    }

  @Suppress("removal", "OVERRIDE_DEPRECATION")
  @Throws(
    SSLPeerUnverifiedException::class,
  )

object Http2 {
  @JvmField
  val CONNECTION_PREFACE = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n".encodeUtf8()

  /** The initial max frame size, applied independently writing to, or reading from the peer. */
  const val INITIAL_MAX_FRAME_SIZE = 0x4000 // 16384

  const val TYPE_DATA = 0x0
  const val TYPE_HEADERS = 0x1
  const val TYPE_PRIORITY = 0x2
  const val TYPE_RST_STREAM = 0x3
  const val TYPE_SETTINGS = 0x4

 * client.newCall(request).execute();
 * ```
 *
 * As expected, this fails with a certificate pinning exception:
 *
 * ```java
 * javax.net.ssl.SSLPeerUnverifiedException: Certificate pinning failure!
 * Peer certificate chain:
 *     sha256/afwiKY3RxoMmLkuRW1l7QsPZTJPwDS2pdDROQjXw8ig=: CN=publicobject.com, OU=PositiveSSL
 *     sha256/klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY=: CN=COMODO RSA Secure Server CA