*
   *
   * The victim's gets a non-CA certificate signed by a CA, and pins the CA root and/or
   * intermediate. This is business as usual.
   *
   * ```
   *   pinnedRoot (trusted by CertificatePinner)
   *     -> pinnedIntermediate (trusted by CertificatePinner)
   *       -> realVictim
   * ```
   *
   * The attacker compromises a CA. They take the public key from an intermediate certificate

```

This handshake is successful because each party has prearranged to trust the root certificate that
signs the other party's chain.

Well-Known Certificate Authorities
----------------------------------

In these examples we've prearranged which root certificates to trust. But for regular HTTPS on the
Internet this set of trusted root certificates is usually provided by default by the host platform.

    version of the library.

5.  Our classes are not designed to protect against a malicious caller. You
    should not use them for communication between trusted and untrusted code.

6.  For the mainline flavor, we test the libraries using OpenJDK 8, 11, and 17
    on Linux, with some additional testing on newer JDKs and on Windows. Some

  /**
   * Configure the server to [want client auth][SSLSocket.setWantClientAuth]. If the
   * client presents a certificate that is [trusted][TrustManager] the handshake will
   * proceed normally. The connection will also proceed normally if the client presents no
   * certificate at all! But if the client presents an untrusted certificate the handshake
   * will fail and no connection will be established.
   */
  public fun requestClientAuth() {

   * that {@link #get} calls exactly the implementation of {@link AbstractFuture#get}.
   */
  abstract static class TrustedFuture<V extends @Nullable Object> extends FluentFuture<V>
      implements AbstractFuture.Trusted<V> {
    @CanIgnoreReturnValue
    @Override
    @ParametricNullness
    public final V get() throws InterruptedException, ExecutionException {
      return super.get();
    }

    @CanIgnoreReturnValue

    `EventSourceListener.onOpen()`.
 *  Fix: Enforce the max intermediates constraint when using pinned certificates with Conscrypt.
    This impacts Conscrypt when the server's presented certificates form both a trusted-but-unpinned
    chain and an untrusted-but-pinned chain.
 *  Upgrade: [Kotlin 1.6.10][kotlin_1_6_10].


## Version 5.0.0-alpha.3

_2021-11-22_

                "# Another comment\n" + "word2\n";

        // Write content to test file
        writeTestFile(content);

        // Reload and verify
        protwordsFile.reload(null);

        PagingList<ProtwordsItem> result = protwordsFile.selectList(0, 10);
        // Whitespace-only lines may be treated as entries
        assertEquals(3, result.size());

  }

  /**
   * Returns a string representation of x, where x is treated as unsigned.
   *
   * <p><b>Java 8+ users:</b> use {@link Long#toUnsignedString(long)} instead.
   */
  public static String toString(long x) {
    return toString(x, 10);
  }

  /**
   * Returns a string representation of {@code x} for the given radix, where {@code x} is treated as
   * unsigned.
   *

   * the result is chosen uniformly at random in [0, numBits), and then the result is chosen in that
   * range uniformly at random. Zero is treated as having log2 == 0.
   */
  static BigInteger randomNonNegativeBigInteger(int numBits) {
    int digits = RANDOM_SOURCE.nextInt(numBits);
    if (digits == 0) {
      return new BigInteger(1, RANDOM_SOURCE);

  private val server = MockWebServer()

  @BeforeEach
  fun setup() {
    // BCX509ExtendedTrustManager not supported in TlsUtil.newTrustManager
    platform.assumeNotBouncyCastle()
  }

  @Test fun `untrusted host in insecureHosts connects successfully`() {
    val serverCertificates = platform.localhostHandshakeCertificates()
    server.useHttps(serverCertificates.sslSocketFactory())
    server.enqueue(MockResponse())