bytesIn.writeByte(0x0d) // Literal value (len = 13)
    bytesIn.writeUtf8("custom-header")

    // Set to only support 110 bytes (enough for 2 headers).
    // Use a new Writer because we don't support change the dynamic table
    // size after Writer constructed.
    val writer = Hpack.Writer(110, false, bytesOut)
    writer.writeHeaders(headerBlock)
    assertThat(bytesOut).isEqualTo(bytesIn)

      const val LOOM_PROPERTY = "loom"

      /**
       * For whatever reason our BouncyCastle provider doesn't work with ECDSA keys. Just configure it
       * to use RSA-2048 instead.
       *
       * (We otherwise prefer ECDSA because it's faster.)
       */
      private val localhostHandshakeCertificatesWithRsa2048: HandshakeCertificates by lazy {
        val heldCertificate =
          HeldCertificate.Builder()

          expiresAt = MAX_DATE // Handle overflow & limit the date range.
        }
      }

      // If the domain is present, it must domain match. Otherwise we have a host-only cookie.
      val urlHost = url.host
      if (domain == null) {
        domain = urlHost
      } else if (!domainMatch(urlHost, domain)) {

        .name("a")
        .value("b")
        .domain("example.com")
        .sameSite(sameSite)
        .build()
    assertThat(cookie.sameSite).isEqualTo(sameSite)
  }

  /** Note that we permit building a cookie that doesn’t follow the rules. */
  @Test fun builderSameSiteNoneDoesNotRequireSecure() {
    val cookieBuilder =
      Cookie.Builder()
        .name("a")
        .value("b")

   * invoked at any point in a call's life, including before [callStart] and after [callEnd].
   */
  open fun canceled(call: Call) {
  }

  /**
   * Invoked when a call fails due to cache rules.
   * For example, we're forbidden from using the network and the cache is insufficient
   */
  open fun satisfactionFailure(
    call: Call,
    response: Response,
  ) {
  }

  /**

   *
   * We get plan0 and plan1 from the route planner.
   * We get plan2 as a follow-up to plan1, typically retry the same IP but different TLS.
   * We get plan3 as a retry of plan0, which was canceled when it lost the race.
   *
   * This test confirms that we prefer to do the TLS follow-up (plan2) before the TCP retry (plan3).
   * It also confirms we enforce the 250 ms delay in each race.
   */
  @Test

          try {
            // Wait for request2 to guarantee we make 2 separate connections to the server.
            latch1.await()
          } catch (e: InterruptedException) {
            throw AssertionError(e)
          }
        }

        override fun connectionAcquired(
          call: Call,
          connection: Connection,
        ) {

  private const val PREFIX_7_BITS = 0x7f

  private const val SETTINGS_HEADER_TABLE_SIZE = 4_096

  /**
   * The decoder has ultimate control of the maximum size of the dynamic table but we can choose
   * to use less. We'll put a cap at 16K. This is arbitrary but should be enough for most purposes.
   */
  private const val SETTINGS_HEADER_TABLE_SIZE_LIMIT = 16_384

  val STATIC_HEADER_TABLE =
    arrayOf(

      "FINE: Q10000 starting              : task",
      "FINE: Q10000 finished run in   0 µs: task",
    )
  }

  /** Inspect how many runnables have been enqueued. If none then we're truly sequential. */
  @Test fun singleQueueIsSerial() {
    redQueue.execute("task one", 100.µs) {
      log += "one:run@${taskFaker.nanoTime} parallel=${taskFaker.isParallel}"
    }

    // an SSL context for an attacking webserver. It includes both these rogue certificates plus the
    // trusted good certificate above. The attack is that by including the good certificate in the
    // chain, we may trick the certificate pinner into accepting the rouge certificate.
    val compromisedIntermediateCa =
      HeldCertificate.Builder()
        .signedBy(rootCa)
        .certificateAuthority(0)