.build()
    val intermediateCa =
      HeldCertificate
        .Builder()
        .signedBy(rootCa)
        .certificateAuthority(0)
        .serialNumber(2L)
        .commonName("intermediate_ca")
        .build()
    val certificate =
      HeldCertificate
        .Builder()
        .signedBy(intermediateCa)
        .serialNumber(3L)
        .commonName(server.hostName)
        .build()

        .build()
    val clientIntermediate =
      HeldCertificate
        .Builder()
        .certificateAuthority(0)
        .signedBy(clientRoot)
        .build()
    val clientCertificate =
      HeldCertificate
        .Builder()
        .signedBy(clientIntermediate)
        .build()
    val serverRoot =
      HeldCertificate
        .Builder()
        .certificateAuthority(1)
        .build()

    serverIntermediateCa =
      HeldCertificate
        .Builder()
        .signedBy(serverRootCa)
        .certificateAuthority(0)
        .serialNumber(2L)
        .commonName("intermediate_ca")
        .addSubjectAlternativeName("intermediate_ca.com")
        .build()
    serverCert =
      HeldCertificate
        .Builder()
        .signedBy(serverIntermediateCa)
        .serialNumber(3L)

    .build();

HeldCertificate intermediateCertificate = new HeldCertificate.Builder()
    .certificateAuthority(0)
    .signedBy(rootCertificate)
    .build();

HeldCertificate serverCertificate = new HeldCertificate.Builder()
    .addSubjectAlternativeName("localhost")
    .signedBy(intermediateCertificate)
    .build();
```

To serve this configuration the server needs to provide its clients with a chain of certificates

    }

    /**
     * Set the certificate that will issue this certificate. If unset the certificate will be
     * self-signed.
     */
    fun signedBy(signedBy: HeldCertificate?) =
      apply {
        this.signedBy = signedBy
      }

    /**
     * Set this certificate to be a signing certificate, with up to `maxIntermediateCas`
     * intermediate signing certificates beneath it.

    builder = builder.serialNumber(BigInteger.ZERO)
    builder = builder.serialNumber(0L)
    builder = builder.keyPair(keyPair)
    builder = builder.keyPair(keyPair.public, keyPair.private)
    builder = builder.signedBy(HeldCertificate.Builder().build())
    builder = builder.certificateAuthority(0)
    builder = builder.ecdsa256()
    builder = builder.rsa2048()
    val heldCertificate: HeldCertificate = builder.build()
  }

	VMSLTUVI	$17, V2, V3			// ERROR "signed immediate 16 must be in range [-16, 15]"
	VMSLTUVI	$-16, V2, V3			// ERROR "signed immediate -17 must be in range [-16, 15]"
	VMSGEVI		$17, V2, V3			// ERROR "signed immediate 16 must be in range [-16, 15]"
	VMSGEVI		$-16, V2, V3			// ERROR "signed immediate -17 must be in range [-16, 15]"
	VMSGEUVI	$17, V2, V3			// ERROR "signed immediate 16 must be in range [-16, 15]"

 * signed versions of methods for which signedness is an issue.
 *
 * <p>In addition, this class provides several static methods for converting a {@code long} to a
 * {@code String} and a {@code String} to a {@code long} that treat the {@code long} as an unsigned
 * number.
 *
 * <p>Users of these utilities must be <i>extremely careful</i> not to mix up signed and unsigned

type uint64 uint64

// int8 is the set of all signed 8-bit integers.
// Range: -128 through 127.
type int8 int8

// int16 is the set of all signed 16-bit integers.
// Range: -32768 through 32767.
type int16 int16

// int32 is the set of all signed 32-bit integers.
// Range: -2147483648 through 2147483647.
type int32 int32

// int64 is the set of all signed 64-bit integers.

  public static boolean isPowerOfTwo(int x) {
    return x > 0 & (x & (x - 1)) == 0;
  }

  /**
   * Returns 1 if {@code x < y} as unsigned integers, and 0 otherwise. Assumes that x - y fits into
   * a signed int. The implementation is branch-free, and benchmarks suggest it is measurably (if
   * narrowly) faster than the straightforward ternary expression.
   */
  @VisibleForTesting
  static int lessThanBranchFree(int x, int y) {