override fun platformTrustManager(): X509TrustManager {
    val factory =
      TrustManagerFactory.getInstance(
        TrustManagerFactory.getDefaultAlgorithm(),
        provider,
      )
    factory.init(null as KeyStore?)
    val trustManagers = factory.trustManagers!!
    check(trustManagers.size == 1 && trustManagers[0] is X509TrustManager) {

    sslSocketFactory: SSLSocketFactory?,
    x509TrustManager: X509TrustManager?,
  ): Interceptor.Chain {
    check(exchange == null) { "sslSocketFactory can't be adjusted in a network interceptor" }

    if (sslSocketFactory != null && x509TrustManager != null) {
      val newCertificateChainCleaner = CertificateChainCleaner.get(x509TrustManager)
      return copy(
        sslSocketFactory = sslSocketFactory,

    val x509TrustManager = trustManagers[0] as X509TrustManager
    // Disabled because OkHttp will run anyway
    Conscrypt.setHostnameVerifier(x509TrustManager, DisabledHostnameVerifier)
    return x509TrustManager
  }

  internal object DisabledHostnameVerifier : ConscryptHostnameVerifier {
    fun verify(
      hostname: String?,
      session: SSLSession?,
    ): Boolean = true

    override fun verify(

  override fun trustManager(sslSocketFactory: SSLSocketFactory): X509TrustManager? {
    val context: Any? =
      readFieldOrNull(
        sslSocketFactory,
        paramClass,
        "sslParameters",
      )
    val x509TrustManager =
      readFieldOrNull(
        context!!,
        X509TrustManager::class.java,
        "x509TrustManager",
      )
    return x509TrustManager
      ?: readFieldOrNull(
        context,

  override fun platformTrustManager(): X509TrustManager {
    val factory =
      TrustManagerFactory.getInstance(
        "PKIX",
        BouncyCastleJsseProvider.PROVIDER_NAME,
      )
    factory.init(null as KeyStore?)
    val trustManagers = factory.trustManagers!!
    check(trustManagers.size == 1 && trustManagers[0] is X509TrustManager) {

    }

    object X509TrustManagerOverride : Override<X509TrustManager?> {
      override val paramName: String = "sslSocketFactory"

      override fun Interceptor.Chain.value(): X509TrustManager? = x509TrustManagerOrNull

      override fun Interceptor.Chain.withOverride(value: X509TrustManager?): Interceptor.Chain =
        withSslSocketFactory(Platform.get().newSslSocketFactory(value!!), value)

  }

  open fun buildCertificateChainCleaner(trustManager: X509TrustManager): CertificateChainCleaner =
    BasicCertificateChainCleaner(buildTrustRootIndex(trustManager))

  open fun buildTrustRootIndex(trustManager: X509TrustManager): TrustRootIndex = BasicTrustRootIndex(*trustManager.acceptedIssuers)

  open fun newSslSocketFactory(trustManager: X509TrustManager): SSLSocketFactory {
    try {
      return newSSLContext()

     */
    fun withSslSocketFactory(
      sslSocketFactory: SSLSocketFactory?,
      x509TrustManager: X509TrustManager?,
    ): Chain

    /**
     * Returns the [X509TrustManager] for the OkHttpClient, or an override from the Call.Chain.
     */
    val x509TrustManagerOrNull: X509TrustManager?

    /**
     * Returns the [HostnameVerifier] for the OkHttpClient, or an override from the Call.Chain.

  @get:JvmName("sslSocketFactory")
  val sslSocketFactory: SSLSocketFactory
    get() = sslSocketFactoryOrNull ?: throw IllegalStateException("CLEARTEXT-only client")

  @get:JvmName("x509TrustManager")
  val x509TrustManager: X509TrustManager?

  @get:JvmName("connectionSpecs")
  val connectionSpecs: List<ConnectionSpec> =
    builder.connectionSpecs

  @get:JvmName("protocols")

 */
package okhttp3.internal.platform

import java.security.NoSuchAlgorithmException
import javax.net.ssl.SSLContext
import javax.net.ssl.SSLSocket
import javax.net.ssl.SSLSocketFactory
import javax.net.ssl.X509TrustManager
import okhttp3.Protocol
import okhttp3.internal.SuppressSignatureCheck

/**
 * OpenJDK 9+ and JDK8 build 252+.
 *
 * This may also be used for Android tests with Robolectric.
 */
@Suppress("NewApi")