val knownFailures =
    setOf(
      // OkHttp rejects empty labels.
      "x..xn--zca",
      "x..ß",
      // OkHttp rejects labels longer than 63 code points, the web platform tests don't.
      "x01234567890123456789012345678901234567890123456789012345678901x.xn--zca",
      "x01234567890123456789012345678901234567890123456789012345678901x.ß",
      "x01234567890123456789012345678901234567890123456789012345678901x",

    assertThat(request.tag(String::class.java)).isSameAs(stringTag)
    assertThat(request.tag(Long::class.javaObjectType)).isSameAs(longTag)
  }

  /** Confirm that we don't accidentally share the backing map between objects. */
  @Test
  fun tagsAreImmutable() {
    val builder =
      Request.Builder()
        .url("https://square.com")

   * Does nothing if there are no certificates pinned for `hostname`. OkHttp calls this after a
   * successful TLS handshake, but before the connection is used.
   *
   * @throws SSLPeerUnverifiedException if `peerCertificates` don't match the certificates pinned
   *     for `hostname`.
   */
  @Throws(SSLPeerUnverifiedException::class)
  fun check(
    hostname: String,
    peerCertificates: List<Certificate>,
  ) {

      }
    }
  }

  private fun ensureAllTaskQueuesIdle() {
    val entryTime = System.nanoTime()

    for (queue in TaskRunner.INSTANCE.activeQueues()) {
      // We wait at most 1 second, so we don't ever turn multiple lost threads into
      // a test timeout failure.
      val waitTime = (entryTime + 1_000_000_000L - System.nanoTime())
      if (!queue.idleLatch().await(waitTime, TimeUnit.NANOSECONDS)) {

        keySize = 256
      }

    /**
     * Configure the certificate to generate a 2048-bit RSA key, which provides about 112 bits of
     * security. RSA keys are interoperable with very old clients that don't support ECDSA.
     */
    fun rsa2048() =
      apply {
        keyAlgorithm = "RSA"
        keySize = 2048
      }

    fun build(): HeldCertificate {
      // Subject keys & identity.

    //     we find them, regardless of what the address policies need.
    //
    //  2. EVICTABLE: Connections not required by any address policy. This matches connections that
    //     don't participate in any policy, plus connections whose policies won't be violated if the
    //     connection is closed. We only close these if the idle connection limit is exceeded.
    //

      return object : RequestBody() {
        override fun contentType(): MediaType? {
          return ******@****.***tType()
        }

        override fun contentLength(): Long {
          return -1 // We don't know the compressed length in advance!
        }

        @Throws(IOException::class)
        override fun writeTo(sink: BufferedSink) {
          GzipSink(sink).buffer().use(this@gzip::writeTo)
        }

    client =
      client.newBuilder()
        .addNetworkInterceptor(
          Interceptor { chain: Interceptor.Chain? ->
            throw AssertionError() // Network interceptors don't execute.
          },
        )
        .build()
    webServer.enqueue(
      MockResponse.Builder()
        .webSocketUpgrade(serverListener)
        .build(),
    )

    return lock.withLock(action)
  }

  inline fun <T> Http2Writer.withLock(action: () -> T): T {
    contract { callsInPlace(action, InvocationKind.EXACTLY_ONCE) }

    // TODO can we assert we don't have the connection lock?

    return lock.withLock(action)
  }

      try {
        remove(response.request)
      } catch (_: IOException) {
        // The cache cannot be written.
      }
      return null
    }

    if (requestMethod != "GET") {
      // Don't cache non-GET responses. We're technically allowed to cache HEAD requests and some
      // POST requests, but the complexity of doing so is high and the benefit is low.
      return null
    }