OkHttp DNS over HTTPS Implementation
====================================

This module is an implementation of [DNS over HTTPS][1] using OkHttp.

### Download

```kotlin
testImplementation("com.squareup.okhttp3:okhttp-dnsoverhttps:4.12.0")
```

### Usage

```
  val appCache = Cache(File("cacheDir", "okhttpcache"), 10 * 1024 * 1024)
  val bootstrapClient = OkHttpClient.Builder().cache(appCache).build()

By default MockWebServer uses a queue to specify a series of responses. Use a
Dispatcher (`import okhttp3.mockwebserver.Dispatcher`) to handle requests using another policy. One natural policy is to
dispatch on the request path.
You can, for example, filter the request instead of using `server.enqueue()`.

```java
final Dispatcher dispatcher = new Dispatcher() {

    @Override

#!/bin/bash

# The website is built using MkDocs with the Material theme.
# https://squidfunk.github.io/mkdocs-material/
# It requires python3 to run.

set -ex

REPO="******@****.***:square/okhttp.git"
DIR=temp-clone

# Delete any existing temporary website clone
rm -rf $DIR

# Clone the current repo into temp folder
git clone $REPO $DIR
# Replace `git clone` with these lines to hack on the website locally

import assertk.assertThat
import assertk.assertions.isEqualTo
import okhttp3.internal.http2.hpackjson.HpackJsonUtil
import okhttp3.internal.http2.hpackjson.Story
import okio.Buffer

/**
 * Tests Hpack implementation using https://github.com/http2jp/hpack-test-case/
 */
open class HpackDecodeTestBase {
  private val bytesIn = Buffer()
  private val hpackReader = Hpack.Reader(bytesIn, 4096)

  protected fun testDecoder(story: Story) {

 * **reactive** authentication after receiving a challenge from either an origin web server or proxy
 * server.
 *
 * ## Preemptive Authentication
 *
 * To make HTTPS calls using an HTTP proxy server OkHttp must first negotiate a connection with
 * the proxy. This proxy connection is called a "TLS Tunnel" and is specified by

/**
 * Example of using a hardware key to perform client auth.
 * Prefer recent JDK builds, and results are temperamental to slight environment changes.
 * Different instructions and configuration may be required for other hardware devices.
 *
 * Using a yubikey device as a SSL key store.
 * https://lauri.võsandi.com/2017/03/yubikey-for-ssh-auth.html
 *
 * Using PKCS11 support in the JDK.

$ echo "no" | avdmanager --verbose create avd --force --name "pixel5" --device "pixel" --package "system-images;android-29;google_apis;x86" --tag "google_apis" --abi "x86"
```

2. Run an Emulator using Android Studio or from command line.

```
$ emulator -no-window -no-snapshot-load @pixel5
```

2. Turn on logs with logcat

```

 * What should be done with the incoming socket.
 *
 * Be careful when using values like [DisconnectAtEnd], [ShutdownInputAtEnd]
 * and [ShutdownOutputAtEnd] that close a socket after a response, and where there are
 * follow-up requests. The client is unblocked and free to continue as soon as it has received the
 * entire response body. If and when the client makes a subsequent request using a pooled socket the

HttpLoggingInterceptor logging = new HttpLoggingInterceptor(new Logger() {
  @Override public void log(String message) {
    Timber.tag("OkHttp").d(message);
  }
});
```

**Warning**: The logs generated by this interceptor when using the `HEADERS` or `BODY` levels have
the potential to leak sensitive information such as "Authorization" or "Cookie" headers and the
contents of request and response bodies. This data should only be logged in a controlled way or in

import javax.net.ssl.X509TrustManager
import okhttp3.internal.SuppressSignatureCheck
import okhttp3.internal.tls.CertificateChainCleaner

/**
 * Android implementation of CertificateChainCleaner using direct Android API calls.
 * Not used if X509TrustManager doesn't implement [X509TrustManager.checkServerTrusted] with
 * an additional host param.
 */
internal class AndroidCertificateChainCleaner(