}

  /**
   * Verify that we don't retry connections on certificate verification errors.
   *
   * http://code.google.com/p/android/issues/detail?id=13178
   */
  @Flaky
  @Test
  fun connectViaHttpsToUntrustedServer() {
    // Flaky https://github.com/square/okhttp/issues/5222
    server.useHttps(handshakeCertificates.sslSocketFactory())
    server.enqueue(MockResponse()) // unused
    assertFailsWith<IOException> {

   * https://github.com/square/okhttp/issues/5667
   */
  @Test
  fun hostToUriStripsCharacters() {
    val httpUrl = "http://example\".com/".toHttpUrl()
    assertThat(httpUrl.toUri().toString()).isEqualTo("http://example.com/")
  }

  /** Confirm that URI retains other characters. https://github.com/square/okhttp/issues/5236 */
  @Test
  fun hostToUriStripsCharacters2() {

      assertThat(response.body.string()).isEqualTo("abc")
      assertThat(response.trailers()).isEqualTo(headersOf("caboose", "xyz"))
    }
  }

  @Disabled("Follow up with fix in https://github.com/square/okhttp/issues/6853")
  @Test
  fun serverDisconnectsBeforeSecondRequestHttp1() {
    enableProtocol(Protocol.HTTP_1_1)

    server.enqueue(MockResponse(code = 200, body = "Req1"))

import assertk.assertions.isNull
import okhttp3.internal.http.parseChallenges
import org.junit.jupiter.api.Disabled
import org.junit.jupiter.api.Test

class HeadersChallengesTest {
  /** See https://github.com/square/okhttp/issues/2780.  */
  @Test fun testDigestChallengeWithStrictRfc2617Header() {
    val headers =
      Headers.Builder()
        .add(
          "WWW-Authenticate",

[OpenJDK]: https://openjdk.java.net/groups/security/
[OpenJSSE]: https://github.com/openjsse/openjsse
[OpenSSL]: https://www.openssl.org/
[bug5592]: https://github.com/square/okhttp/issues/5592

    assertInvalid("http://[::1%2544]", "Invalid URL host: \"[::1%2544]\"")
  }

  @Test
  fun hostIpv6AddressTooManyLeadingZeros() {
    // Guava's been buggy on this case. https://github.com/google/guava/issues/3116
    assertInvalid(
      "http://[2001:db8:0:0:1:0:0:00001]",
      "Invalid URL host: \"[2001:db8:0:0:1:0:0:00001]\"",
    )
  }

  @Test
  fun hostIpv6WithIpv4Suffix() {

      }
    }

  /** Returns true if the certificate was signed by [issuer]. */
  @Throws(SignatureException::class)
  fun checkSignature(issuer: PublicKey): Boolean {
    val signedData = CertificateAdapters.tbsCertificate.toDer(tbsCertificate)

    return Signature.getInstance(tbsCertificate.signatureAlgorithmName).run {
      initVerify(issuer)
      update(signedData.toByteArray())

@Target(AnnotationTarget.CLASS, AnnotationTarget.FUNCTION)
@Retention(AnnotationRetention.RUNTIME)
/**
 * Annotation marking a test as flaky, and requires extra logging and linking against
 * a known github issue.  This does not ignore the failure.
 */

 *  Fix: Strictly verify hostnames used with OkHttp's `HostnameVerifier`. Programs that make direct
    manual calls to `HostnameVerifier` could be defeated if the hostnames they pass in are not
    strictly ASCII. This issue is tracked as [CVE-2021-0341].


## Version 4.9.1

_2021-01-30_

 *  Fix: Work around a crash in Android 10 and 11 that may be triggered when two threads

## Reporting a Vulnerability

Square recognizes the important contributions the security research community
can make. We therefore encourage reporting security issues with the code
contained in this repository.

If you believe you have discovered a security vulnerability, please follow the
guidelines at https://bugcrowd.com/squareopensource


## Verifying Artifacts