.sslSocketFactory(CustomSSLSocketFactory(client.sslSocketFactory), client.x509TrustManager!!)
        .hostnameVerifier { hostname, session ->
          val s = "hostname: $hostname peerHost:${session.peerHost}"
          Log.d("SniOverrideTest", s)
          try {
            val cert = session.peerCertificates[0] as X509Certificate
            for (name in cert.subjectAlternativeNames) {
              if (name[0] as Int == 2) {

          ) as SSLSocket
        sslSocket.use {
          sslSocket.useClientMode = false
          sslSocket.wantClientAuth = true
          sslSocket.startHandshake()
          return@submit sslSocket.session.handshake()
        }
      }
    }
  }

  private fun doClientHandshake(
    client: HandshakeCertificates,
    serverAddress: InetSocketAddress,
  ): Future<Handshake> {

  private const val ALT_DNS_NAME = 2
  private const val ALT_IPA_NAME = 7

  override fun verify(
    host: String,
    session: SSLSession,
  ): Boolean {
    return if (!host.isAscii()) {
      false
    } else {
      try {
        verify(host, session.peerCertificates[0] as X509Certificate)
      } catch (_: SSLException) {
        false
      }
    }
  }

  fun verify(

 *
 * As policy, implementations of this interface are responsible for selecting which cookies to
 * accept and which to reject. A reasonable policy is to reject all cookies, though that may
 * interfere with session-based authentication schemes that require cookies.
 *
 * As persistence, implementations of this interface must also provide storage of cookies. Simple

   * cleartext and may be monitored or blocked by a proxy or other middlebox.
   */
  val handshakeServerNames: List<String>

  init {
    if (socket is SSLSocket) {
      try {
        this.handshake = socket.session.handshake()
        this.handshakeServerNames = Platform.get().getHandshakeServerNames(socket)
      } catch (e: IOException) {
        throw IllegalArgumentException(e)
      }
    } else {
      this.handshake = null

      initOauthSession(session);
      System.out.printf("session granted: %s\n", session);
    });

    System.out.printf("open this URL in a browser: %s\n", authorizeUrl);
  }

  /** Set the OAuth session for this client. */
  public synchronized void initOauthSession(OAuthSession session) {
    this.session = session;
    this.notifyAll();
  }

    sslSocket: SSLSocket,
    hostname: String?,
    protocols: List<Protocol>,
  ) {
    // No TLS extensions if the socket class is custom.
    if (matchesSocket(sslSocket)) {
      try {
        // Enable session tickets.
        setUseSessionTickets.invoke(sslSocket, true)

        // Assume platform support on 24+
        if (hostname != null && Build.VERSION.SDK_INT <= 23) {

      return new MockResponse()
          .setResponseCode(404)
          .setBody("unexpected request");
    }

    try {
      OAuthSession session = slackApi.exchangeCode(code, redirectUrl());
      listener.sessionGranted(session);
    } catch (IOException e) {
      return new MockResponse()
          .setResponseCode(400)
          .setBody("code exchange failed: " + e.getMessage());
    }

import javax.net.ssl.SSLSession

class RecordingHostnameVerifier : HostnameVerifier {
  @JvmField
  val calls: MutableList<String> = mutableListOf()

  @Synchronized override fun verify(
    hostname: String,
    session: SSLSession,
  ): Boolean {
    calls.add("verify $hostname")
    return true
  }

    sslSocket: SSLSocket,
    hostname: String?,
    protocols: List<Protocol>,
  ) {
    // No TLS extensions if the socket class is custom.
    if (matchesSocket(sslSocket)) {
      // Enable session tickets.
      Conscrypt.setUseSessionTickets(sslSocket, true)

      // Enable ALPN.
      val names = Platform.alpnProtocolNames(protocols)
      Conscrypt.setApplicationProtocols(sslSocket, names.toTypedArray())
    }