*     writing process sets something else. This is used to encode SEQUENCES in values that are
   *     declared to have non-constructed values, like OCTET STRING values.
   */
  @Suppress("UNCHECKED_CAST") // read() produces a single element of the expected type.
  fun withExplicitBox(
    tagClass: Int = DerHeader.TAG_CLASS_CONTEXT_SPECIFIC,
    tag: Long,
    forceConstructed: Boolean? = null,

    if (timeoutEarlyExit) return cause
    if (!timeout.exit()) return cause

    val e = InterruptedIOException("timeout")
    if (cause != null) e.initCause(cause)
    @Suppress("UNCHECKED_CAST") // E is either IOException or IOException?
    return e as E
  }

  /**
   * Stops applying the timeout before the call is entirely complete. This is used for WebSockets

    scheduling. In your debugger you will see new thread names and more use of daemon threads.

 *  Fix: Don't drop callbacks on unexpected exceptions. When an interceptor throws an unchecked
    exception the callback is now notified that the call was canceled. The exception is still sent
    to the uncaught exception handler for reporting and recovery.

        "x509TrustManager",
      )
    return x509TrustManager ?: readFieldOrNull(
      context,
      X509TrustManager::class.java,
      "trustManager",
    )
  }

  companion object {
    @Suppress("UNCHECKED_CAST")
    fun buildIfSupported(packageName: String = "com.android.org.conscrypt"): SocketAdapter? {
      return try {
        val sslSocketClass = Class.forName("$packageName.OpenSSLSocketImpl") as Class<in SSLSocket>

  /**
   * Value for [B1_MASK_LENGTH] which indicates the next eight bytes are the unsigned
   * length.
   */
  internal const val PAYLOAD_LONG = 127

  /** Used when an unchecked exception was thrown in a listener. */
  internal const val CLOSE_CLIENT_GOING_AWAY = 1001

  /** Used when an empty close frame was received (i.e., without a status code). */
  internal const val CLOSE_NO_STATUS_CODE = 1005

  }

  override fun getLocalPrincipal(): Principal {
    throw UnsupportedOperationException()
  }

  override fun getPacketBufferSize(): Int {
    throw UnsupportedOperationException()
  }

  @Suppress("UNCHECKED_CAST")
  @Throws(SSLPeerUnverifiedException::class)
  override fun getPeerCertificates(): Array<Certificate> {
    return if (certificates.isEmpty()) {
      throw SSLPeerUnverifiedException("peer not authenticated")

   * true when removing a connection from the pool; otherwise a racing caller might get it from the
   * pool when it shouldn't. Symmetrically, this must always be checked before returning a
   * connection from the pool.
   *
   * Once true this is always true. Guarded by this.
   */
  var noNewExchanges = false

  /**

        # shellcheck disable=SC2039,SC3045
        MAX_FD=$( ulimit -H -n ) ||
            warn "Could not query maximum file descriptor limit"
    esac
    case $MAX_FD in  #(
      '' | soft) :;; #(
      *)
        # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
        # shellcheck disable=SC2039,SC3045

        String::class.java,
      )
    } catch (_: NoSuchMethodException) {
      null
    }

  /** Android method to clean and sort certificates, called via reflection. */
  @Suppress("unused", "UNCHECKED_CAST")
  fun checkServerTrusted(
    chain: Array<out X509Certificate>,
    authType: String,
    host: String,
  ): List<Certificate> {
    if (host in insecureHosts) return listOf()
    try {
      val method =

 */
internal class AndroidCertificateChainCleaner(
  private val trustManager: X509TrustManager,
  private val x509TrustManagerExtensions: X509TrustManagerExtensions,
) : CertificateChainCleaner() {
  @Suppress("UNCHECKED_CAST")
  @Throws(SSLPeerUnverifiedException::class)
  @SuppressSignatureCheck
  override fun clean(
    chain: List<Certificate>,
    hostname: String,
  ): List<Certificate> {