* ### Android Cleartext Permit Detection
 *
 * Supported on Android 6.0+ via `NetworkSecurityPolicy`.
 */
open class Platform {
  /** Prefix used on custom headers. */
  fun getPrefix() = "OkHttp"

  open fun newSSLContext(): SSLContext = SSLContext.getInstance("TLS")

  open fun platformTrustManager(): X509TrustManager {
    val factory =
      TrustManagerFactory.getInstance(
        TrustManagerFactory.getDefaultAlgorithm(),
      )

  // and because it's a common pattern for VMs to have differences between supported and
  // defaulted versions for TLS based on what is requested.
  override fun newSSLContext(): SSLContext = SSLContext.getInstance("TLSv1.3", provider)

  override fun platformTrustManager(): X509TrustManager {
    val factory =
      TrustManagerFactory.getInstance(

  private val provider: Provider = Conscrypt.newProvider()

  // See release notes https://groups.google.com/forum/#!forum/conscrypt
  // for version differences
  override fun newSSLContext(): SSLContext =
    // supports TLSv1.3 by default (version api is >= 1.4.0)
    SSLContext.getInstance("TLS", provider)

  override fun platformTrustManager(): X509TrustManager {
    val trustManagers =

          authType: String?,
        ) {}

        override fun getAcceptedIssuers(): Array<X509Certificate> = arrayOf()
      }

    val sslContext =
      Platform.get().newSSLContext().apply {
        init(null, arrayOf(trustManager), null)
      }
    val sslSocketFactory = sslContext.socketFactory

    val hostnameVerifier = HostnameVerifier { _, _ -> true }

    client =

 *
 * Requires org.bouncycastle:bctls-jdk15on on the classpath.
 */
class BouncyCastlePlatform private constructor() : Platform() {
  private val provider: Provider = BouncyCastleJsseProvider()

  override fun newSSLContext(): SSLContext = SSLContext.getInstance("TLS", provider)

  override fun platformTrustManager(): X509TrustManager {
    val factory =
      TrustManagerFactory.getInstance(
        "PKIX",

    // sun.security.ssl to unnamed module @xxx
    throw UnsupportedOperationException(
      "clientBuilder.sslSocketFactory(SSLSocketFactory) not supported on JDK 8 (>= 252) or JDK 9+",
    )
  }

  override fun newSSLContext(): SSLContext {
    return when {
      majorVersion != null && majorVersion >= 9 ->
        SSLContext.getInstance("TLS")
      else ->
        try {

  )
  fun trustManager(): X509TrustManager = trustManager

  fun sslSocketFactory(): SSLSocketFactory = sslContext().socketFactory

  fun sslContext(): SSLContext {
    return Platform.get().newSSLContext().apply {
      init(arrayOf<KeyManager>(keyManager), arrayOf<TrustManager>(trustManager), SecureRandom())
    }
  }

  class Builder {
    private var heldCertificate: HeldCertificate? = null

        override fun getAcceptedIssuers(): Array<X509Certificate> = arrayOf()
      }

    private fun createInsecureSslSocketFactory(trustManager: TrustManager): SSLSocketFactory =
      Platform.get().newSSLContext().apply {
        init(null, arrayOf(trustManager), null)
      }.socketFactory

    private fun createInsecureHostnameVerifier(): HostnameVerifier = HostnameVerifier { _, _ -> true }
  }

          uri: URI,
          socketAddress: SocketAddress,
          e: IOException,
        ) {}
      }

    val trustManager = get().platformTrustManager()
    val sslContext = get().newSSLContext()
    sslContext.init(null, null, null)

    // new client, may share all same fields but likely different connection pool
    assertNotSame(
      client.routeDatabase,
      OkHttpClient.Builder()

    val trustManager =
      newTrustManager(
        keystoreType,
        emptyList(),
        emptyList(),
      )
    val sslContext = get().newSSLContext()
    sslContext.init(
      arrayOf<KeyManager>(x509KeyManager),
      arrayOf<TrustManager>(trustManager),
      SecureRandom(),
    )
    return sslContext.socketFactory
  }