else -> true
    }

  override fun buildCertificateChainCleaner(trustManager: X509TrustManager): CertificateChainCleaner =
    AndroidCertificateChainCleaner.buildIfSupported(trustManager) ?: super.buildCertificateChainCleaner(trustManager)

  override fun buildTrustRootIndex(trustManager: X509TrustManager): TrustRootIndex =
    try {
      StrictMode.noteSlowCall("buildTrustRootIndex")

    other is AndroidCertificateChainCleaner &&
      other.trustManager === this.trustManager

  override fun hashCode(): Int = System.identityHashCode(trustManager)

  companion object {
    @SuppressSignatureCheck
    fun buildIfSupported(trustManager: X509TrustManager): AndroidCertificateChainCleaner? {
      val extensions =
        try {
          X509TrustManagerExtensions(trustManager)
        } catch (iae: IllegalArgumentException) {

      )
    factory.init(null as KeyStore?)
    val trustManagers = factory.trustManagers!!
    check(trustManagers.size == 1 && trustManagers[0] is X509TrustManager) {
      "Unexpected default trust managers: ${trustManagers.contentToString()}"
    }
    return trustManagers[0] as X509TrustManager
  }

  open fun trustManager(sslSocketFactory: SSLSocketFactory): X509TrustManager? {
    return try {

      builder.callTimeout(callTimeout.toLong(), SECONDS)
    }
    if (allowInsecure) {
      val trustManager = createInsecureTrustManager()
      val sslSocketFactory = createInsecureSslSocketFactory(trustManager)
      builder.sslSocketFactory(sslSocketFactory, trustManager)
      builder.hostnameVerifier(createInsecureHostnameVerifier())
    }
    if (verbose) {

      init {
        val trustManager = trustManagerForCertificates(trustedCertificatesInputStream())
        val sslContext = SSLContext.getInstance("TLS")
        sslContext.init(null, arrayOf<TrustManager>(trustManager), null)
        val sslSocketFactory = sslContext.socketFactory

        client = OkHttpClient.Builder()
            .sslSocketFactory(sslSocketFactory, trustManager)
            .build()
      }

  override fun platformTrustManager(): X509TrustManager {
    val trustManagers =
      TrustManagerFactory
        .getInstance(TrustManagerFactory.getDefaultAlgorithm())
        .apply {
          init(null as KeyStore?)
        }.trustManagers!!
    check(trustManagers.size == 1 && trustManagers[0] is X509TrustManager) {
      "Unexpected default trust managers: ${trustManagers.contentToString()}"
    }

    val sslContext =
      Platform.get().newSSLContext().apply {
        init(null, arrayOf(trustManager), null)
      }
    val sslSocketFactory = sslContext.socketFactory

    val hostnameVerifier = HostnameVerifier { _, _ -> true }

    client =
      client
        .newBuilder()
        .sslSocketFactory(sslSocketFactory, trustManager)
        .hostnameVerifier(hostnameVerifier)
        .build()

    NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted(hostname)

  override fun buildCertificateChainCleaner(trustManager: X509TrustManager): CertificateChainCleaner =
    AndroidCertificateChainCleaner.buildIfSupported(trustManager) ?: super.buildCertificateChainCleaner(trustManager)

  override fun log(
    message: String,
    level: Int,
    t: Throwable?,
  ) {
    if (level == WARN) {

    replaceWith = ReplaceWith(expression = "trustManager"),
    level = DeprecationLevel.ERROR,
  )
  fun trustManager(): X509TrustManager = trustManager

  fun sslSocketFactory(): SSLSocketFactory = sslContext().socketFactory

  fun sslContext(): SSLContext =
    Platform.get().newSSLContext().apply {
      init(arrayOf<KeyManager>(keyManager), arrayOf<TrustManager>(trustManager), SecureRandom())
    }

  class Builder {

    factory.init(trustStore)
    val result = factory.trustManagers!!
    check(result.size == 1 && result[0] is X509TrustManager) {
      "Unexpected trust managers: ${result.contentToString()}"
    }

    val trustManager = result[0] as X509TrustManager

    return when {
      insecureHosts.isEmpty() -> trustManager
      Platform.isAndroid -> InsecureAndroidTrustManager(trustManager, insecureHosts)