val extensions: List<Extension>,
) {
  /**
   * Returns the standard name of this certificate's signature algorithm as specified by
   * [Signature.getInstance]. Typical values are like "SHA256WithRSA".
   */
  val signatureAlgorithmName: String
    get() {
      return when (signature.algorithm) {
        ObjectIdentifiers.SHA256_WITH_RSA_ENCRYPTION -> "SHA256WithRSA"

robolectric-android = "org.robolectric:android-all:14-robolectric-10818077"
robolectric = "org.robolectric:robolectric:4.12.1"
signature-android-apilevel21 = "net.sf.androidscents.signature:android-api-level-21:5.0.1_r2"
signature-android-apilevel24 = "net.sf.androidscents.signature:android-api-level-24:7.0_r2"
squareup-moshi = { module = "com.squareup.moshi:moshi", version.ref = "com-squareup-moshi" }

          issuerUniqueID = null,
          subjectUniqueID = null,
          extensions = extensions(),
        )

      // Signature.
      val signature =
        Signature.getInstance(tbsCertificate.signatureAlgorithmName).run {
          initSign(issuerKeyPair.private)
          update(CertificateAdapters.tbsCertificate.toDer(tbsCertificate).toByteArray())
          sign().toByteString()

    } else {
      // Everything else requires Android API 21+.
      signature(rootProject.libs.signature.android.apilevel21) { artifact { type = "signature" } }
    }

    // OkHttp requires Java 8+.
    signature(rootProject.libs.codehaus.signature.java18) { artifact { type = "signature" } }
  }

  tasks.withType<KotlinCompile> {
    kotlinOptions {
      jvmTarget = JavaVersion.VERSION_1_8.toString()

        )
      },
    )

  /**
   * ```
   * TBSCertificate ::= SEQUENCE  {
   *   version         [0]  EXPLICIT Version DEFAULT v1,
   *   serialNumber         CertificateSerialNumber,
   *   signature            AlgorithmIdentifier,
   *   issuer               Name,
   *   validity             Validity,
   *   subject              Name,
   *   subjectPublicKeyInfo SubjectPublicKeyInfo,

```

The best way to verify artifacts is [automatically with Gradle][gradle_verification].


[gradle_verification]: https://docs.gradle.org/current/userguide/dependency_verification.html#sec:signature-verification

      .isEqualTo(javaCertificate.signature.toByteString())

    assertThat(okHttpCertificate).isEqualTo(
      Certificate(
        tbsCertificate =
          TbsCertificate(
            // v3.
            version = 2L,
            serialNumber = BigInteger("1372799044"),
            signature =
              AlgorithmIdentifier(

  override fun buildTrustRootIndex(trustManager: X509TrustManager): TrustRootIndex =
    try {
      // From org.conscrypt.TrustManagerImpl, we want the method with this signature:
      // private TrustAnchor findTrustAnchorByIssuerAndSignature(X509Certificate lastCert);
      val method =
        trustManager.javaClass.getDeclaredMethod(
          "findTrustAnchorByIssuerAndSignature",

     *     .build();
     * ```
     *
     * ## TrustManagers on Android are Weird!
     *
     * Trust managers targeting Android must also define a method that has this signature:
     *
     * ```java
     *    @SuppressWarnings("unused")
     *    public List<X509Certificate> checkServerTrusted(
     *        X509Certificate[] chain, String authType, String host) throws CertificateException {

FB01          ; mapped                 ; 0066 0069     # 1.1  LATIN SMALL LIGATURE FI
FB02          ; mapped                 ; 0066 006C     # 1.1  LATIN SMALL LIGATURE FL
FB03          ; mapped                 ; 0066 0066 0069 #1.1  LATIN SMALL LIGATURE FFI
FB04          ; mapped                 ; 0066 0066 006C #1.1  LATIN SMALL LIGATURE FFL