* generated.
     */
    fun keyPair(keyPair: KeyPair) =
      apply {
        this.keyPair = keyPair
      }

    /**
     * Sets the public/private key pair used for this certificate. If unset a key pair will be
     * generated.
     */
    fun keyPair(
      publicKey: PublicKey,
      privateKey: PrivateKey,
    ) = apply {
      keyPair(KeyPair(publicKey, privateKey))
    }

    /**

	public final fun -deprecated_keyPair ()Ljava/security/KeyPair;
	public fun <init> (Ljava/security/KeyPair;Ljava/security/cert/X509Certificate;)V
	public final fun certificate ()Ljava/security/cert/X509Certificate;
	public final fun certificatePem ()Ljava/lang/String;
	public static final fun decode (Ljava/lang/String;)Lokhttp3/tls/HeldCertificate;
	public final fun keyPair ()Ljava/security/KeyPair;
	public final fun privateKeyPkcs1Pem ()Ljava/lang/String;

  /** Multiple certificates generated from the same keypair have the same pin.  */
  @Test
  fun sameKeypairSamePin() {
    val heldCertificateA2 =
      HeldCertificate.Builder()
        .keyPair(certA1.keyPair)
        .serialNumber(101L)
        .build()
    val keypairACertificate2Pin = pin(heldCertificateA2.certificate)
    val heldCertificateB2 =
      HeldCertificate.Builder()
        .keyPair(certB1.keyPair)
        .serialNumber(201L)

          ),
      )
    assertThat(okHttpCertificateWithBadSignature.checkSignature(root.keyPair.public)).isFalse()

    // Wrong public key.
    assertThat(okHttpCertificate.checkSignature(certificate.keyPair.public)).isFalse()
  }

  @Test
  fun `EC issuer and signature`() {
    val root =
      HeldCertificate.Builder()
        .certificateAuthority(0)

  @Test @Disabled
  fun heldCertificate() {
    val heldCertificate: HeldCertificate = HeldCertificate.Builder().build()
    val certificate: X509Certificate = heldCertificate.certificate()
    val keyPair: KeyPair = heldCertificate.keyPair()
  }

  @Test @Disabled
  fun mediaType() {
    val mediaType: MediaType = MediaType.get("")
    val type: String = mediaType.type()
    val subtype: String = mediaType.subtype()

    val keyPair: KeyPair = heldCertificate.keyPair
    val certificatePem: String = heldCertificate.certificatePem()
    val privateKeyPkcs8Pem: String = heldCertificate.privateKeyPkcs8Pem()
    val privateKeyPkcs1Pem: String = heldCertificate.privateKeyPkcs1Pem()
  }

  @Test
  fun heldCertificateBuilder() {
    val keyPair: KeyPair = KeyPairGenerator.getInstance("").genKeyPair()

      val chain = arrayOfNulls<Certificate>(1 + intermediates.size)
      chain[0] = heldCertificate.certificate
      intermediates.copyInto(chain, 1)
      keyStore.setKeyEntry("private", heldCertificate.keyPair.private, password, chain)
    }

    val factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
    factory.init(keyStore, password)
    val result = factory.keyManagers!!

        .commonName("pinned intermediate")
        .signedBy(pinnedRoot)
        .build()
    val attackerSwitch =
      HeldCertificate.Builder()
        .serialNumber(5L)
        .keyPair(attackerIntermediate.keyPair) // share keys between compromised CA and leaf!
        .commonName("attacker")
        .addSubjectAlternativeName("attacker.com")
        .signedBy(pinnedIntermediate)
        .build()

        .addTrustedCertificate(root.certificate) // BouncyCastle requires at least one
        .heldCertificate(certificate, intermediate.certificate)
        .build()
    assertPrivateKeysEquals(
      certificate.keyPair.private,
      handshakeCertificates.keyManager.getPrivateKey("private"),
    )
    assertThat(handshakeCertificates.keyManager.getCertificateChain("private").toList())

      }

    fun build(): HandshakeCertificates {
      val immutableInsecureHosts = insecureHosts.toImmutableList()

      val heldCertificate = heldCertificate
      if (heldCertificate != null && heldCertificate.keyPair.private.format == null) {
        throw KeyStoreException("unable to support unencodable private key")
      }

      val keyManager = newKeyManager(null, heldCertificate, *(intermediates ?: emptyArray()))