.certificateAuthority(0)
        .rsa2048()
        .build()
    val leaf =
      HeldCertificate.Builder()
        .certificateAuthority(0)
        .ecdsa256()
        .signedBy(root)
        .build()
    assertThat(root.certificate.sigAlgName).isEqualTo("SHA256WITHRSA", ignoreCase = true)
    assertThat(leaf.certificate.sigAlgName).isEqualTo("SHA256WITHRSA", ignoreCase = true)
  }

  @Test

      // '!' represents an interior node that represents a REGISTRY entry in the map.
      // '?' represents a leaf node, which represents a REGISTRY entry in map.
      // ':' represents an interior node that represents a private entry in the map
      // ',' represents a leaf node, which represents a private entry in the map.
      String domain = DIRECT_JOINER.join(stack);

      if (domain.length() > 0) {

#
# This file is a series of lines, each of the form:
#     <type> <name>
#
# Type can be:
#    path - an exact path to a single file
#    file-name - an exact leaf filename, regardless of path
#    path-prefix - a prefix match on the file path
#    file-prefix - a prefix match of the leaf filename (no path)
#    paths-from-repo - read a file from the repo and load file paths
#

file-prefix	zz_generated.

file-name	types.generated.go

  REGISTRY('!', '?');

  /** The character used for an inner node in the trie encoding */
  private final char innerNodeCode;

  /** The character used for a leaf node in the trie encoding */
  private final char leafNodeCode;

  PublicSuffixType(char innerNodeCode, char leafNodeCode) {
    this.innerNodeCode = innerNodeCode;
    this.leafNodeCode = leafNodeCode;
  }

  REGISTRY('!', '?');

  /** The character used for an inner node in the trie encoding */
  private final char innerNodeCode;

  /** The character used for a leaf node in the trie encoding */
  private final char leafNodeCode;

  PublicSuffixType(char innerNodeCode, char leafNodeCode) {
    this.innerNodeCode = innerNodeCode;
    this.leafNodeCode = leafNodeCode;
  }

internal data class BasicConstraints(
  /** True if this certificate can be used as a Certificate Authority (CA). */
  val ca: Boolean,
  /** The maximum number of intermediate CAs between this and leaf certificates. */
  val maxIntermediateCas: Long?,
)

/** A private key. Note that this class doesn't support attributes or an embedded public key. */
internal data class PrivateKeyInfo(
  // v1(0), v2(1).

func unwrapErrs(err error) (leafErr error) {
	uerr := errors.Unwrap(err)
	depth := 1
	for uerr != nil {
		// Save the current `uerr`
		leafErr = uerr
		// continue to look for leaf errors underneath
		uerr = errors.Unwrap(leafErr)
		depth++
		if depth == unwrapErrsDepth {
			// If we have reached enough depth we
			// do not further recurse down, this
			// is done to avoid any unnecessary

    val cleaner = get(root)
    assertFailsWith<SSLPeerUnverifiedException> {
      cleaner.clean(certificates, "hostname")
    }
  }

  /** Returns a chain starting at the leaf certificate and progressing to the root.  */
  private fun chainOfLength(length: Int): List<HeldCertificate> {
    val result = mutableListOf<HeldCertificate>()
    for (i in 1..length) {
      result.add(
        0,

	peerCertificates := make([]*x509.Certificate, 0, len(r.TLS.PeerCertificates))
	for _, cert := range r.TLS.PeerCertificates {
		if cert.IsCA {
			continue
		}
		peerCertificates = append(peerCertificates, cert)
	}
	r.TLS.PeerCertificates = peerCertificates

	// Now, we have to check that the client has provided exactly one leaf
	// certificate that we can map to a policy.

        .signedBy(pinnedRoot)
        .build()
    val attackerSwitch =
      HeldCertificate.Builder()
        .serialNumber(5L)
        .keyPair(attackerIntermediate.keyPair) // share keys between compromised CA and leaf!
        .commonName("attacker")
        .addSubjectAlternativeName("attacker.com")
        .signedBy(pinnedIntermediate)
        .build()
    val phonyVictim =
      HeldCertificate.Builder()