* limitations under the License.
 */
package okhttp3.internal.tls

import java.security.cert.X509Certificate
import javax.security.auth.x500.X500Principal

/** A simple index that of trusted root certificates that have been loaded into memory. */
class BasicTrustRootIndex(
  vararg caCerts: X509Certificate,
) : TrustRootIndex {
  private val subjectToCaCerts: Map<X500Principal, Set<X509Certificate>>

  init {

make
build-essential
patch
rpm2cpio
unar
wget
xz-utils
cpio
gawk
texinfo
gettext

# Other build-related tools
software-properties-common
apt-transport-https
autoconf
automake
ca-certificates
pkg-config
libcurl3-dev
libcurl4-openssl-dev
libfreetype6-dev
libhdf5-serial-dev
libomp-18-dev
libssl-dev
libtool
libssl-dev
libxml2-dev
libxslt1-dev
libzmq3-dev
llvm-18
clang-18

# Packages needed to build devtoolset
file
flex
g++
make
patch
rpm2cpio
unar
wget
xz-utils
cpio

# Other build-related tools
apt-transport-https
autoconf
automake
build-essential
ca-certificates
llvm-18
clang-18
clang-tidy-18
lld-18
clang-format-12
curl
git
parallel
sudo
swig
unzip
zip
openjdk-21-jdk
vim

                 sts_ep='http://localhost:9000'):
        self.cid = cid
        self.csec = csec
        self.idp_ep = idp_ep
        self.sts_ep = sts_ep

        # Load CA certificates from SSL_CERT_FILE file if set
        ca_certs = os.environ.get('SSL_CERT_FILE')
        if not ca_certs:
            ca_certs = certifi.where()

        self._http = urllib3.PoolManager(

    assertThat(response.handshake!!.localPrincipal).isNull()
    assertThat(response.handshake!!.peerCertificates).isEmpty()
    assertThat(response.handshake!!.peerPrincipal).isNull()
  }

  @Test fun `bad certificates host in insecureHosts fails with SSLException`() {
    val heldCertificate =
      HeldCertificate
        .Builder()
        .addSubjectAlternativeName("example.com")
        .build()
    val serverCertificates =

 * They specify that the call may be plaintext (`http`) or encrypted (`https`), but not which cryptographic algorithms should be used. Nor do they specify how to verify the peer's certificates (the [HostnameVerifier](https://developer.android.com/reference/javax/net/ssl/HostnameVerifier.html)) or which certificates can be trusted (the [SSLSocketFactory](https://developer.android.com/reference/org/apache/http/conn/ssl/SSLSocketFactory.html)).

# Prevent apt install tzinfo from asking our location (assumes UTC)
export DEBIAN_FRONTEND=noninteractive

# Set up shared custom sources
apt-get update
apt-get install -y gnupg ca-certificates

# Deadsnakes: https://launchpad.net/~deadsnakes/+archive/ubuntu/ppa
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F23C5A6CF475977595C89F51BA6932366A755776

# LLVM/Clang: https://apt.llvm.org/

    enum class Type {
      Handshake,
      Plaintext,
      Encrypted,
      Setup,
      Unknown,
    }

    val type: Type
      get() =
        when {
          message == "adding as trusted certificates" -> Type.Setup
          message == "Raw read" || message == "Raw write" -> Type.Encrypted
          message == "Plaintext before ENCRYPTION" || message == "Plaintext after DECRYPTION" -> Type.Plaintext

COPY setup.sources.sh /setup.sources.sh
COPY setup.packages.sh /setup.packages.sh
COPY builder.packages.txt /builder.packages.txt

RUN /setup.sources.sh && /setup.packages.sh /builder.packages.txt

RUN update-ca-certificates
# Install devtoolset-9 in /dt10 with glibc 2.17 and libstdc++ 4.8, for building
# manylinux2014-compatible packages.
COPY builder.devtoolset/fixlinks_aarch64.sh /fixlinks.sh
COPY builder.devtoolset/rpm-patch.sh /rpm-patch.sh

```
export MINIO_ETCD_ENDPOINTS=http://localhost:2379
minio server /data
```

NOTE: If `etcd` is configured with `Client-to-server authentication with HTTPS client certificates` then you need to use additional envs such as `MINIO_ETCD_CLIENT_CERT` pointing to path to `etcd-client.crt` and `MINIO_ETCD_CLIENT_CERT_KEY` path to `etcd-client.key` .

### 4. Test with MinIO STS API