public final fun -deprecated_certificate ()Ljava/security/cert/X509Certificate;
	public final fun -deprecated_keyPair ()Ljava/security/KeyPair;
	public fun <init> (Ljava/security/KeyPair;Ljava/security/cert/X509Certificate;)V
	public final fun certificate ()Ljava/security/cert/X509Certificate;
	public final fun certificatePem ()Ljava/lang/String;

import assertk.assertions.isEqualTo
import assertk.assertions.isFalse
import assertk.assertions.isInstanceOf
import assertk.assertions.isTrue
import java.io.ByteArrayInputStream
import java.security.cert.CertificateFactory
import java.security.cert.X509Certificate
import javax.net.ssl.SSLSession
import javax.security.auth.x500.X500Principal
import okhttp3.FakeSSLSession
import okhttp3.OkHttpClient
import okhttp3.internal.canParseAsIpAddress

    }
    this.subjectToCaCerts = map
  }

  override fun findByIssuerAndSignature(cert: X509Certificate): X509Certificate? {
    val issuer = cert.issuerX500Principal
    val subjectCaCerts = subjectToCaCerts[issuer] ?: return null

    return subjectCaCerts.firstOrNull {
      try {
        cert.verify(it.publicKey)
        return@firstOrNull true
      } catch (_: Exception) {
        return@firstOrNull false

	"io"
	"log"
	"net/http"
	"strings"
)

var (
	keyFile  string
	certFile string
)

func init() {
	flag.StringVar(&keyFile, "key-file", "", "Path to TLS cert key file")
	flag.StringVar(&certFile, "cert-file", "", "Path to TLS cert file")
}

func writeErrorResponse(w http.ResponseWriter, err error) {
	w.WriteHeader(http.StatusBadRequest)
	json.NewEncoder(w).Encode(map[string]string{

	}

	// Issuer information
	buf.WriteString(color.Blue("%4sIssuer: ", ""))
	printName(cert.Issuer.Names, &buf)

	// Validity information
	buf.WriteString(color.Blue("%4sValidity\n", ""))
	buf.WriteString(color.Bold(fmt.Sprintf("%8sNot Before: %s\n", "", cert.NotBefore.Format(http.TimeFormat))))

 * limitations under the License.
 */
package okhttp.android.test.letsencrypt

import android.os.Build
import assertk.assertThat
import assertk.assertions.isEqualTo
import java.security.cert.X509Certificate
import okhttp3.OkHttpClient
import okhttp3.Protocol
import okhttp3.Request
import okhttp3.tls.HandshakeCertificates
import okhttp3.tls.decodeCertificatePem
import org.junit.jupiter.api.Tag

 * limitations under the License.
 */
package okhttp3.internal.tls

import java.security.GeneralSecurityException
import java.security.cert.Certificate
import java.security.cert.X509Certificate
import java.util.ArrayDeque
import java.util.Deque
import javax.net.ssl.SSLPeerUnverifiedException

/**

 * limitations under the License.
 */
package okhttp3.internal.tls

import java.security.cert.X509Certificate

fun interface TrustRootIndex {
  /** Returns the trusted CA certificate that signed [cert]. */
  fun findByIssuerAndSignature(cert: X509Certificate): X509Certificate?

 */
package okhttp3.internal.platform.android

import android.net.http.X509TrustManagerExtensions
import java.lang.IllegalArgumentException
import java.security.cert.Certificate
import java.security.cert.CertificateException
import java.security.cert.X509Certificate
import javax.net.ssl.SSLPeerUnverifiedException
import javax.net.ssl.X509TrustManager
import okhttp3.internal.SuppressSignatureCheck

import okhttp3.Protocol;
import okhttp3.Request;
import okhttp3.Response;
import org.junit.Test;
import org.junit.runner.RunWith;

import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;

/**
 * Simple test adaptable to show a failure in older versions of OkHttp