*
 * ```java
 * String hostname = "publicobject.com";
 * CertificatePinner certificatePinner = new CertificatePinner.Builder()
 *     .add(hostname, "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
 *     .build();
 * OkHttpClient client = OkHttpClient.Builder()
 *     .certificatePinner(certificatePinner)
 *     .build();
 *
 * Request request = new Request.Builder()

import mockwebserver3.MockResponse
import mockwebserver3.MockWebServer
import mockwebserver3.SocketEffect.ShutdownConnection
import mockwebserver3.junit5.StartStop
import okhttp3.CertificatePinner
import okhttp3.CertificatePinner.Companion.pin
import okhttp3.OkHttpClientTestRule
import okhttp3.RecordingHostnameVerifier
import okhttp3.Request
import okhttp3.internal.platform.Platform.Companion.get

    certificatePinner.check("example.com", listOf(certA1.certificate))
    certificatePinner.check("www.example.com", listOf(certA1.certificate))
  }

  @Test
  fun absentHostnameMatches() {
    val certificatePinner = CertificatePinner.Builder().build()
    certificatePinner.check("example.com", listOf(certA1.certificate))
  }

  @Test
  fun successfulCheckForWildcardHostname() {
    val certificatePinner =

  @JvmName("-deprecated_certificatePinner")
  @Deprecated(
    message = "moved to val",
    replaceWith = ReplaceWith(expression = "certificatePinner"),
    level = DeprecationLevel.ERROR,
  )
  fun certificatePinner(): CertificatePinner? = certificatePinner

  override fun equals(other: Any?): Boolean =
    other is Address &&
      url == other.url &&
      equalsNonHost(other)

     * Pinning certificates avoids the need to trust certificate authorities.
     */
    fun certificatePinner(certificatePinner: CertificatePinner) =
      apply {
        if (certificatePinner != this.certificatePinner) {
          this.routeDatabase = null
        }

        this.certificatePinner = certificatePinner
      }

    /**

  @Test
  fun successfulCheckSha1Pin() {
    val certificatePinner =
      CertificatePinner
        .Builder()
        .add("example.com", "sha1/" + certA1.certificate.sha1Hash().base64())
        .build()

    certificatePinner.check("example.com", listOf(certA1.certificate))
  }

  @Test fun successfulFindMatchingPins() {
    val certificatePinner =
      CertificatePinner
        .Builder()

        ) = TODO()
      }
  }

  @Test
  fun certificatePinner() {
    val heldCertificate: HeldCertificate = HeldCertificate.Builder().build()
    val certificate: X509Certificate = heldCertificate.certificate
    val certificatePinner: CertificatePinner = CertificatePinner.Builder().build()
    val certificates: List<Certificate> = listOf()
    certificatePinner.check("", listOf(certificate))

  /** Can still coalesce when pinning is used if pins match.  */
  @Test
  fun coalescesWhenCertificatePinsMatch() {
    val pinner =
      CertificatePinner
        .Builder()
        .add("san.com", pin(certificate.certificate))
        .build()
    client = client.newBuilder().certificatePinner(pinner).build()
    server.enqueue(MockResponse())
    server.enqueue(MockResponse())
    assert200Http2Response(execute(url), server.hostName)

  @Test
  fun testCertificatePinningSuccess() {
    enableTls()

    val certificatePinner =
      CertificatePinner
        .Builder()
        .add(
          server.hostName,
          CertificatePinner.pin(handshakeCertificates.trustManager.acceptedIssuers[0]),
        ).build()
    client = client.newBuilder().certificatePinner(certificatePinner).build()

    server.enqueue(MockResponse(body = "abc"))

 * limitations under the License.
 */
package okhttp3.recipes;

import java.io.IOException;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.Set;
import okhttp3.CertificatePinner;
import okhttp3.Interceptor;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;

public final class CheckHandshake {
  /** Rejects otherwise-trusted certificates. */