override fun trustManager(sslSocketFactory: SSLSocketFactory): X509TrustManager? {
    val context: Any? =
      readFieldOrNull(
        sslSocketFactory,
        paramClass,
        "sslParameters",
      )
    val x509TrustManager =
      readFieldOrNull(
        context!!,
        X509TrustManager::class.java,
        "x509TrustManager",
      )
    return x509TrustManager ?: readFieldOrNull(
      context,

  override fun platformTrustManager(): X509TrustManager {
    val factory =
      TrustManagerFactory.getInstance(
        TrustManagerFactory.getDefaultAlgorithm(),
        provider,
      )
    factory.init(null as KeyStore?)
    val trustManagers = factory.trustManagers!!
    check(trustManagers.size == 1 && trustManagers[0] is X509TrustManager) {

  }

  open fun buildCertificateChainCleaner(trustManager: X509TrustManager): CertificateChainCleaner =
    BasicCertificateChainCleaner(buildTrustRootIndex(trustManager))

  open fun buildTrustRootIndex(trustManager: X509TrustManager): TrustRootIndex = BasicTrustRootIndex(*trustManager.acceptedIssuers)

  open fun newSslSocketFactory(trustManager: X509TrustManager): SSLSocketFactory {
    try {
      return newSSLContext().apply {

import java.security.cert.X509Certificate
import javax.net.ssl.X509TrustManager

/** This extends [X509TrustManager] for Android to disable verification for a set of hosts. */
internal class InsecureAndroidTrustManager(
  private val delegate: X509TrustManager,
  private val insecureHosts: List<String>,
) : X509TrustManager {
  private val checkServerTrustedMethod: Method? =
    try {

import javax.net.ssl.SSLPeerUnverifiedException
import javax.net.ssl.X509TrustManager
import okhttp3.internal.SuppressSignatureCheck
import okhttp3.internal.tls.CertificateChainCleaner

/**
 * Android implementation of CertificateChainCleaner using direct Android API calls.
 * Not used if X509TrustManager doesn't implement [X509TrustManager.checkServerTrusted] with
 * an additional host param.
 */

    factory.init(trustStore)
    val result = factory.trustManagers!!
    check(result.size == 1 && result[0] is X509TrustManager) {
      "Unexpected trust managers: ${result.contentToString()}"
    }

    val trustManager = result[0] as X509TrustManager

    return when {
      insecureHosts.isEmpty() -> trustManager
      Platform.isAndroid -> InsecureAndroidTrustManager(trustManager, insecureHosts)

      else -> true
    }

  override fun buildCertificateChainCleaner(trustManager: X509TrustManager): CertificateChainCleaner =
    AndroidCertificateChainCleaner.buildIfSupported(trustManager) ?: super.buildCertificateChainCleaner(trustManager)

  override fun buildTrustRootIndex(trustManager: X509TrustManager): TrustRootIndex =
    try {
      // From org.conscrypt.TrustManagerImpl, we want the method with this signature:

    // Disabled because OkHttp will run anyway
    Conscrypt.setHostnameVerifier(x509TrustManager, DisabledHostnameVerifier)
    return x509TrustManager
  }

  internal object DisabledHostnameVerifier : ConscryptHostnameVerifier {
    fun verify(
      hostname: String?,
      session: SSLSession?,
    ): Boolean {
      return true
    }

    override fun verify(

      throw new IllegalStateException("Unexpected default trust managers:"
          + Arrays.toString(trustManagers));
    }
    return (X509TrustManager) trustManagers[0];
  }

  private String[] javaNames(List<CipherSuite> cipherSuites) {
    String[] result = new String[cipherSuites.size()];
    for (int i = 0; i < result.length; i++) {

package okhttp3.internal.platform.android

import javax.net.ssl.SSLSocket
import javax.net.ssl.SSLSocketFactory
import javax.net.ssl.X509TrustManager
import okhttp3.Protocol

interface SocketAdapter {
  fun isSupported(): Boolean

  fun trustManager(sslSocketFactory: SSLSocketFactory): X509TrustManager? = null

  fun matchesSocket(sslSocket: SSLSocket): Boolean