// May fail with ProviderException with root cause like
    // sun.security.pkcs11.wrapper.PKCS11Exception: CKR_SLOT_ID_INVALID
    val pkcs11 = Security.getProvider("SunPKCS11").configure(config)
    Security.addProvider(pkcs11)

    val callbackHandler = ConsoleCallbackHandler

    val builderList: List<KeyStore.Builder> =
      listOf(

    // Test setup fails on JDK9
    // java.security.KeyStoreException: Certificate chain is not valid
    // at sun.security.pkcs12.PKCS12KeyStore.setKeyEntry
    // http://openjdk.java.net/jeps/229
    // http://hg.openjdk.java.net/jdk9/jdk9/jdk/file/2c1c21d11e58/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java#l596
    val keystoreType = if (platform.isJdk9()) "JKS" else null

  /**
   * As described in <a href="https://www.rsa.com/rsalabs/node.asp?id=2138">PKCS #12: Personal
   * Information Exchange Syntax Standard</a>, PKCS #12 defines an archive file format for storing
   * many cryptography objects as a single file.
   *
   * @since 15.0
   */
  public static final MediaType KEY_ARCHIVE = createConstant(APPLICATION_TYPE, "pkcs12");

  /**

  /**
   * As described in <a href="https://www.rsa.com/rsalabs/node.asp?id=2138">PKCS #12: Personal
   * Information Exchange Syntax Standard</a>, PKCS #12 defines an archive file format for storing
   * many cryptography objects as a single file.
   *
   * @since 15.0
   */
  public static final MediaType KEY_ARCHIVE = createConstant(APPLICATION_TYPE, "pkcs12");

  /**

				"application/x-mspublisher",
				"application/x-msschedule",
				"application/x-msterminal",
				"application/x-mswrite",
				"application/x-netcdf",
				"application/x-pkcs12",
				"application/x-pkcs7-certificates",
				"application/x-pkcs7-certreqresp",
				"application/x-prt",
				"application/x-quattro-pro",
				"application/x-rar-compressed",
				"application/x-roxio-toast",
				"application/x-rpm",

    }

  /**
   * Returns the RSA private key encoded in [PKCS #1][rfc_8017] [PEM format][rfc_7468].
   *
   * [rfc_8017]: https://tools.ietf.org/html/rfc8017
   * [rfc_7468]: https://tools.ietf.org/html/rfc7468
   */
  fun privateKeyPkcs1Pem(): String {
    check(keyPair.private is RSAPrivateKey) { "PKCS1 only supports RSA keys" }
    return buildString {

  <mime-type type="application/pkcs10">
    <glob pattern="*.p10"/>
  </mime-type>

  <mime-type type="application/pkcs7-mime">
    <glob pattern="*.p7m"/>
    <glob pattern="*.p7c"/>
  </mime-type>

  <mime-type type="application/pkcs7-signature">
    <glob pattern="*.p7s"/>
    <magic priority="50">
      <!-- PEM encoded -->
      <match value="-----BEGIN PKCS7" type="string" offset="0"/>

## Version 4.2.0

_2019-09-10_

 *  New: API to decode a certificate and private key to create a `HeldCertificate`. This accepts a
    string containing both a certificate and PKCS #8-encoded private key.

    ```kotlin
    val heldCertificate = HeldCertificate.decode("""
        |-----BEGIN CERTIFICATE-----
        |MIIBYTCCAQegAwIBAgIBKjAKBggqhkjOPQQDAjApMRQwEgYDVQQLEwtlbmdpbmVl