): Long {
      while (left == 0) {
        source.skip(padding.toLong())
        padding = 0
        if (flags and FLAG_END_HEADERS != 0) return -1L
        readContinuationHeader()
        // TODO: test case for empty continuation header?
      }

      val read = source.read(sink, minOf(byteCount, left.toLong()))
      if (read == -1L) return -1L
      left -= read.toInt()
      return read
    }

import org.openjsse.net.ssl.OpenJSSE
import org.opentest4j.TestAbortedException

/**
 * Marks a test as Platform aware, before the test runs a consistent Platform will be
 * established e.g. SecurityProvider for Conscrypt installed.
 *
 * Also allows a test file to state general platform assumptions, or for individual test.
 */
@Suppress("unused", "MemberVisibilityCanBePrivate")
open class PlatformRule
  @JvmOverloads

 *    match additional prefixes (`us-west.www.publicobject.com`) or suffixes (`publicobject.com`).
 *
 *  * **Any number of subdomains**: Use two asterisks to like `**.publicobject.com` to match any
 *    number of prefixes (`us-west.www.publicobject.com`, `www.publicobject.com`) including no
 *    prefix at all (`publicobject.com`). For most applications this is the best way to configure
 *    certificate pinning.
 *

 * the updated response if it has changed, or a short 'not modified' response if the client's copy
 * is still valid. Such responses increment both the network count and hit count.
 *
 * The best way to improve the cache hit rate is by configuring the web server to return cacheable
 * responses. Although this client honors all [HTTP/1.1 (RFC 7234)][rfc_7234] cache headers, it
 * doesn't cache partial responses.
 *

     * fit comfortably within a single ethernet packet (1500 bytes) even with framing overhead.
     *
     * For tests this must be big enough to realize real compression on test messages like
     * 'aaaaaaaaaa...'. Our tests check if compression was applied just by looking at the size if
     * the inbound buffer.
     */
    const val DEFAULT_MINIMUM_DEFLATE_SIZE = 1024L
  }

 * during handshake, and then take the agreed masterSecret from private fields of the session.
 *
 * Copy WireSharkKeyLoggerListener to your test code to use in development.
 *
 * This logs TLSv1.2 on a JVM (OpenJDK 11+) without any additional code.  For TLSv1.3
 * an existing external tool is required.
 *

    requests with the same POST data get the same cache entry.

 *  New: `HttpLoggingInterceptor.redactQueryParams()` configures the query parameters to redact
    in logs. For best security, don't put sensitive information in query parameters.

 *  New: `ConnectionPool.setPolicy()` configures a minimum connection pool size for a target
    address. Use this to proactively open HTTP connections.

nlinesecurity.blogspot.ca/2014/10/this-poodle-bites-exploiting-ssl-30.html) attack. And in OkHttp 2.3 we dropped support for [RC4](https://en.wikipedia.org/wiki/RC4#Security). As with your desktop web browser, staying up-to-date with OkHttp is the best way to stay secure.

You can build your own connection spec with a custom set of TLS versions and cipher suites. For example, this configuration is limited to three highly-regarded cipher suites. Its drawback is that it requires Android 5.0+...

   * example, thread A may be executing [responseBodyStart] while thread B executes [canceled].
   * Implementations must support such concurrent calls.
   *
   * Note that cancellation is best-effort and that a call may proceed normally after it has been
   * canceled. For example, happy-path events like [requestHeadersStart] and [requestHeadersEnd] may

    checkPublicSuffix("test.ck", null)
    checkPublicSuffix("b.test.ck", "b.test.ck")
    checkPublicSuffix("a.b.test.ck", "b.test.ck")
    checkPublicSuffix("www.ck", "www.ck")
    checkPublicSuffix("www.www.ck", "www.ck")
    // US K12.
    checkPublicSuffix("us", null)
    checkPublicSuffix("test.us", "test.us")
    checkPublicSuffix("www.test.us", "test.us")
    checkPublicSuffix("ak.us", null)