override fun platformTrustManager(): X509TrustManager {
    val factory =
      TrustManagerFactory.getInstance(
        TrustManagerFactory.getDefaultAlgorithm(),
        provider,
      )
    factory.init(null as KeyStore?)
    val trustManagers = factory.trustManagers!!
    check(trustManagers.size == 1 && trustManagers[0] is X509TrustManager) {

    sslSocketFactory: SSLSocketFactory?,
    x509TrustManager: X509TrustManager?,
  ): Interceptor.Chain {
    check(exchange == null) { "sslSocketFactory can't be adjusted in a network interceptor" }

    if (sslSocketFactory != null && x509TrustManager != null) {
      val newCertificateChainCleaner = CertificateChainCleaner.get(x509TrustManager)
      return copy(
        sslSocketFactory = sslSocketFactory,

      throw new IllegalStateException("Unexpected default trust managers:"
          + Arrays.toString(trustManagers));
    }
    return (X509TrustManager) trustManagers[0];
  }

  private String[] javaNames(List<CipherSuite> cipherSuites) {
    String[] result = new String[cipherSuites.size()];
    for (int i = 0; i < result.length; i++) {

    val x509TrustManager = trustManagers[0] as X509TrustManager
    // Disabled because OkHttp will run anyway
    Conscrypt.setHostnameVerifier(x509TrustManager, DisabledHostnameVerifier)
    return x509TrustManager
  }

  internal object DisabledHostnameVerifier : ConscryptHostnameVerifier {
    fun verify(
      hostname: String?,
      session: SSLSession?,
    ): Boolean = true

    override fun verify(

  override fun trustManager(sslSocketFactory: SSLSocketFactory): X509TrustManager? {
    val context: Any? =
      readFieldOrNull(
        sslSocketFactory,
        paramClass,
        "sslParameters",
      )
    val x509TrustManager =
      readFieldOrNull(
        context!!,
        X509TrustManager::class.java,
        "x509TrustManager",
      )
    return x509TrustManager
      ?: readFieldOrNull(
        context,

  override fun platformTrustManager(): X509TrustManager {
    val factory =
      TrustManagerFactory.getInstance(
        "PKIX",
        BouncyCastleJsseProvider.PROVIDER_NAME,
      )
    factory.init(null as KeyStore?)
    val trustManagers = factory.trustManagers!!
    check(trustManagers.size == 1 && trustManagers[0] is X509TrustManager) {

    }

    object X509TrustManagerOverride : Override<X509TrustManager?> {
      override val paramName: String = "sslSocketFactory"

      override fun Interceptor.Chain.value(): X509TrustManager? = x509TrustManagerOrNull

      override fun Interceptor.Chain.withOverride(value: X509TrustManager?): Interceptor.Chain =
        withSslSocketFactory(Platform.get().newSslSocketFactory(value!!), value)

public final class okhttp3/tls/HandshakeCertificates {
	public final fun -deprecated_keyManager ()Ljavax/net/ssl/X509KeyManager;
	public final fun -deprecated_trustManager ()Ljavax/net/ssl/X509TrustManager;
	public synthetic fun <init> (Ljavax/net/ssl/X509KeyManager;Ljavax/net/ssl/X509TrustManager;Lkotlin/jvm/internal/DefaultConstructorMarker;)V
	public final fun keyManager ()Ljavax/net/ssl/X509KeyManager;
	public final fun sslContext ()Ljavax/net/ssl/SSLContext;

import javax.net.ssl.SSLPeerUnverifiedException
import javax.net.ssl.X509TrustManager
import okhttp3.internal.SuppressSignatureCheck
import okhttp3.internal.tls.CertificateChainCleaner

/**
 * Android implementation of CertificateChainCleaner using direct Android API calls.
 * Not used if X509TrustManager doesn't implement [X509TrustManager.checkServerTrusted] with
 * an additional host param.
 */

  }

  open fun buildCertificateChainCleaner(trustManager: X509TrustManager): CertificateChainCleaner =
    BasicCertificateChainCleaner(buildTrustRootIndex(trustManager))

  open fun buildTrustRootIndex(trustManager: X509TrustManager): TrustRootIndex = BasicTrustRootIndex(*trustManager.acceptedIssuers)

  open fun newSslSocketFactory(trustManager: X509TrustManager): SSLSocketFactory {
    try {
      return newSSLContext()