cipherSuite = CipherSuite.TLS_AES_128_GCM_SHA256,
        peerCertificates = listOf(serverCertificate.certificate, serverIntermediate.certificate),
        localCertificates = listOf(),
      )

    assertThat(handshake.tlsVersion).isEqualTo(TlsVersion.TLS_1_3)
    assertThat(handshake.cipherSuite).isEqualTo(CipherSuite.TLS_AES_128_GCM_SHA256)
    assertThat(handshake.peerCertificates).containsExactly(
      serverCertificate.certificate,

      if (!address.hostnameVerifier!!.verify(address.url.host, sslSocketSession)) {
        val peerCertificates = unverifiedHandshake.peerCertificates
        if (peerCertificates.isNotEmpty()) {
          val cert = peerCertificates[0] as X509Certificate
          throw SSLPeerUnverifiedException(
            """
            |Hostname ${address.url.host} not verified:

    message = "moved to val",
    replaceWith = ReplaceWith(expression = "peerCertificates"),
    level = DeprecationLevel.ERROR,
  )
  fun peerCertificates(): List<Certificate> = peerCertificates

  /** Returns the remote peer's principle, or null if that peer is anonymous. */
  @get:JvmName("peerPrincipal")
  val peerPrincipal: Principal?
    get() = (peerCertificates.firstOrNull() as? X509Certificate)?.subjectX500Principal

      .isEqualTo(serverHandshake.peerCertificates)
    assertThat(listOf(serverCertificate.certificate, serverIntermediate.certificate))
      .isEqualTo(serverHandshake.localCertificates)
    val clientHandshake = clientHandshakeFuture.get()
    assertThat(listOf(serverCertificate.certificate, serverIntermediate.certificate))
      .isEqualTo(clientHandshake.peerCertificates)

    val peerCertificates = cleanedPeerCertificatesFn()

    for (peerCertificate in peerCertificates) {
      // Lazily compute the hashes for each certificate.
      var sha1: ByteString? = null
      var sha256: ByteString? = null

      for (pin in pins) {
        when (pin.hashAlgorithm) {
          "sha256" -> {
            if (sha256 == null) sha256 = peerCertificate.sha256Hash()

    assertThat(response.handshake!!.tlsVersion).isNotNull()
    assertThat(response.handshake!!.localCertificates).isEmpty()
    assertThat(response.handshake!!.localPrincipal).isNull()
    assertThat(response.handshake!!.peerCertificates).isEmpty()
    assertThat(response.handshake!!.peerPrincipal).isNull()
  }

  @Test fun `bad certificates host in insecureHosts fails with SSLException`() {
    val heldCertificate =
      HeldCertificate

     * 3
     * Content-Type: image/png
     * Content-Length: 100
     * Cache-Control: max-age=600
     *
     * AES_256_WITH_MD5
     * 2
     * base64-encoded peerCertificate[0]
     * base64-encoded peerCertificate[1]
     * -1
     * TLSv1.2
     * ```
     *
     * The file is newline separated. The first two lines are the URL and the request method. Next

      assertTrue(response.code() == 200 || response.code() == 404);
      assertEquals(Protocol.HTTP_2, response.protocol());

      for (Certificate c: response.handshake().peerCertificates()) {
        X509Certificate x = (X509Certificate) c;
        System.out.println(x.getSubjectDN());
      }
    }
  }

        -----END CERTIFICATE-----
        """.trimIndent(),
      )
    val peerCertificate = session.peerCertificates[0] as X509Certificate

    if (isAndroid || platform.isConscrypt()) {
      assertThat(certificateSANs(peerCertificate)).containsExactly("bar.com")
    } else {
      assertThat(certificateSANs(peerCertificate)).containsExactly("bar.com", "������.co.jp")
    }

    val tlsVersion: TlsVersion = handshake.tlsVersion()
    val cipherSuite: CipherSuite = handshake.cipherSuite()
    val peerCertificates: List<Certificate> = handshake.peerCertificates()
    val peerPrincipal: Principal? = handshake.peerPrincipal()
    val localCertificates: List<Certificate> = handshake.localCertificates()