val handshakeCertificates =
      HandshakeCertificates.Builder()
        .addPlatformTrustedCertificates()
        .build()
    val acceptedIssuers = handshakeCertificates.trustManager.acceptedIssuers
    val names =
      acceptedIssuers
        .map { it.subjectDN.name }
        .toSet()

    // It's safe to assume all platforms will have a major Internet certificate issuer.

  private val delegate: X509ExtendedTrustManager,
  private val insecureHosts: List<String>,
) : X509ExtendedTrustManager() {
  override fun getAcceptedIssuers(): Array<X509Certificate> = delegate.acceptedIssuers

  override fun checkServerTrusted(
    chain: Array<out X509Certificate>,
    authType: String,
    socket: Socket,
  ) {
    if (socket.peerName() !in insecureHosts) {

    } catch (e: InvocationTargetException) {
      throw e.targetException
    }
  }

  override fun getAcceptedIssuers(): Array<X509Certificate> = delegate.acceptedIssuers

  override fun checkClientTrusted(
    chain: Array<out X509Certificate>,
    authType: String?,
  ) = throw CertificateException("Unsupported operation")

  override fun checkServerTrusted(

    BasicCertificateChainCleaner(buildTrustRootIndex(trustManager))

  open fun buildTrustRootIndex(trustManager: X509TrustManager): TrustRootIndex = BasicTrustRootIndex(*trustManager.acceptedIssuers)

  open fun newSslSocketFactory(trustManager: X509TrustManager): SSLSocketFactory {
    try {
      return newSSLContext().apply {
        init(null, arrayOf<TrustManager>(trustManager), null)

     */
    fun addPlatformTrustedCertificates() =
      apply {
        val platformTrustManager = Platform.get().platformTrustManager()
        Collections.addAll(trustedCertificates, *platformTrustManager.acceptedIssuers)
      }

    /**
     * Configures this to not authenticate the HTTPS server on to [hostname]. This makes the user
     * vulnerable to man-in-the-middle attacks and should only be used only in private development

    enableTls()

    val certificatePinner =
      CertificatePinner.Builder()
        .add(
          server.hostName,
          CertificatePinner.pin(handshakeCertificates.trustManager.acceptedIssuers[0]),
        )
        .build()
    client = client.newBuilder().certificatePinner(certificatePinner).build()

    server.enqueue(MockResponse(body = "abc"))

  private class RecordingTrustManager(private val delegate: X509TrustManager) : X509TrustManager {
    val calls: MutableList<String> = ArrayList()

    override fun getAcceptedIssuers(): Array<X509Certificate> = delegate.acceptedIssuers

    override fun checkClientTrusted(
      chain: Array<X509Certificate>,
      authType: String,
    ) {
      calls.add("checkClientTrusted " + certificatesToString(chain))
    }