val handshakeCertificates =
      HandshakeCertificates
        .Builder()
        .addPlatformTrustedCertificates()
        .build()
    val acceptedIssuers = handshakeCertificates.trustManager.acceptedIssuers
    val names =
      acceptedIssuers
        .map { it.subjectDN.name }
        .toSet()

    // It's safe to assume all platforms will have a major Internet certificate issuer.
    val majorIssuers =

    BasicCertificateChainCleaner(buildTrustRootIndex(trustManager))

  open fun buildTrustRootIndex(trustManager: X509TrustManager): TrustRootIndex = BasicTrustRootIndex(*trustManager.acceptedIssuers)

  open fun newSslSocketFactory(trustManager: X509TrustManager): SSLSocketFactory {
    try {
      return newSSLContext()
        .apply {
          init(null, arrayOf<TrustManager>(trustManager), null)

    enableTls()

    val certificatePinner =
      CertificatePinner
        .Builder()
        .add(
          server.hostName,
          CertificatePinner.pin(handshakeCertificates.trustManager.acceptedIssuers[0]),
        ).build()
    client = client.newBuilder().certificatePinner(certificatePinner).build()

    server.enqueue(MockResponse(body = "abc"))

      OverrideParam.CertificatePinner -> {
        enableTls()

        val pinner =
          CertificatePinner
            .Builder()
            .add(server.hostName, pin(handshakeCertificates.trustManager.acceptedIssuers.first()))
            .build()

        overrideBadImplementation(
          override = Override.CertificatePinnerOverride,
          testItFails = testItFails,
          goodValue = pinner,
        )

    private val delegate: X509TrustManager,
  ) : X509TrustManager {
    val calls: MutableList<String> = ArrayList()

    override fun getAcceptedIssuers(): Array<X509Certificate> = delegate.acceptedIssuers

    override fun checkClientTrusted(
      chain: Array<X509Certificate>,
      authType: String,
    ) {
      calls.add("checkClientTrusted " + certificatesToString(chain))
    }