// that they have access to.
//
// It can be optionally associated with a particular assigner, in which case it
// contains one valid set of trust anchors for that signer. Signers may have
// multiple associated ClusterTrustBundles; each is an independent set of trust
// anchors for that signer. Admission control is used to enforce that only users
// with permissions on the signer can create or modify the corresponding bundle.

    /**
     * No trust - no information about status.
     */
    public static final ArtifactStatus NONE = new ArtifactStatus("none", 0);

    /**
     * No trust - information was generated with defaults.
     */
    public static final ArtifactStatus GENERATED = new ArtifactStatus("generated", 1);

    /**
     * Low trust - was converted from the Maven 1.x repository.
     */

		ACB_MNS                    = 0x00000020, /* 1 = MNS logon user account */
		ACB_DOMTRUST               = 0x00000040, /* 1 = Interdomain trust account */
		ACB_WSTRUST                = 0x00000080, /* 1 = Workstation trust account */
		ACB_SVRTRUST               = 0x00000100, /* 1 = Server trust account */
		ACB_PWNOEXP                = 0x00000200, /* 1 = User password does not expire */

MockWebServer server = new MockWebServer();
server.useHttps(serverCertificates.sslSocketFactory(), false);
```

`HandshakeCertificates` also works for clients where its job is to define which root certificates
to trust. In this simplified example we trust the server's self-signed certificate:

```java
HandshakeCertificates clientCertificates = new HandshakeCertificates.Builder()
    .addTrustedCertificate(localhostCertificate.certificate())
    .build();

		secretItemColumns = append(secretItemColumns, "TRUST DOMAIN")
	}
	tw := new(tabwriter.Writer).Init(w.w, 0, 5, 5, ' ', 0)
	fmt.Fprintln(tw, strings.Join(secretItemColumns, "\t"))
	for _, s := range secrets {
		if includeConfigType {
			s.Name = fmt.Sprintf("secret/%s", s.Name)
		}
		// If all secrets have a trust domain, we are probably dealing with trust domain federation, so print trust domains.

      .build()
  }

  /** Returns an SSL client for this host's localhost address. */
  @JvmStatic
  fun localhost(): HandshakeCertificates = localhost

  /** Returns a trust manager that trusts `trustedCertificates`. */
  @JvmStatic @IgnoreJRERequirement
  fun newTrustManager(
    keyStoreType: String?,
    trustedCertificates: List<X509Certificate>,
    insecureHosts: List<String>,

import okhttp3.internal.toImmutableList
import okhttp3.tls.internal.TlsUtil.newKeyManager
import okhttp3.tls.internal.TlsUtil.newTrustManager

/**
 * Certificates to identify which peers to trust and also to earn the trust of those peers in kind.
 * Client and server exchange these certificates during the handshake phase of a TLS connection.
 *
 * ### Server Authentication
 *

		ACB_MNS                    = 0x00000020, /* 1 = MNS logon user account */
		ACB_DOMTRUST               = 0x00000040, /* 1 = Interdomain trust account */
		ACB_WSTRUST                = 0x00000080, /* 1 = Workstation trust account */
		ACB_SVRTRUST               = 0x00000100, /* 1 = Server trust account */
		ACB_PWNOEXP                = 0x00000200, /* 1 = User password does not expire */

 *
 * Supported on OpenJDK 8 via the JettyALPN-boot library or Conscrypt.
 *
 * Supported on OpenJDK 9+ via SSLParameters and SSLSocket features.
 *
 * ### Trust Manager Extraction
 *
 * Supported on Android 2.3+ and OpenJDK 7+. There are no public APIs to recover the trust
 * manager that was used to create an [SSLSocketFactory].
 *
 * Not supported by choice on JDK9+ due to access checks.
 *
 * ### Android Cleartext Permit Detection

  private val sslExcludeFilter =
    Regex(
      buildString {
        append("^(?:")
        append(
          listOf(
            "Inaccessible trust store",
            "trustStore is",
            "Reload the trust store",
            "Reload trust certs",
            "Reloaded",
            "adding as trusted certificates",
            "Ignore disabled cipher suite",
            "Ignore unsupported cipher suite",