*/
    fun withSslSocketFactory(
      sslSocketFactory: SSLSocketFactory?,
      x509TrustManager: X509TrustManager?,
    ): Chain

    /**
     * Returns the [X509TrustManager] for the OkHttpClient, or an override from the Call.Chain.
     */
    val x509TrustManagerOrNull: X509TrustManager?

    /**
     * Returns the [HostnameVerifier] for the OkHttpClient, or an override from the Call.Chain.

      else -> true
    }

  override fun buildCertificateChainCleaner(trustManager: X509TrustManager): CertificateChainCleaner =
    AndroidCertificateChainCleaner.buildIfSupported(trustManager) ?: super.buildCertificateChainCleaner(trustManager)

  override fun buildTrustRootIndex(trustManager: X509TrustManager): TrustRootIndex =
    try {
      StrictMode.noteSlowCall("buildTrustRootIndex")

    socketAdapters
      .find { it.matchesSocketFactory(sslSocketFactory) }
      ?.trustManager(sslSocketFactory)

  override fun newSSLContext(): SSLContext {
    StrictMode.noteSlowCall("newSSLContext")

    return super.newSSLContext()
  }

  override fun buildTrustRootIndex(trustManager: X509TrustManager): TrustRootIndex {

    factory.init(trustStore)
    val result = factory.trustManagers!!
    check(result.size == 1 && result[0] is X509TrustManager) {
      "Unexpected trust managers: ${result.contentToString()}"
    }

    val trustManager = result[0] as X509TrustManager

    return when {
      insecureHosts.isEmpty() -> trustManager
      Platform.isAndroid -> InsecureAndroidTrustManager(trustManager, insecureHosts)

import java.security.cert.X509Certificate
import javax.net.ssl.X509TrustManager

/** This extends [X509TrustManager] for Android to disable verification for a set of hosts. */
internal class InsecureAndroidTrustManager(
  private val delegate: X509TrustManager,
  private val insecureHosts: List<String>,
) : X509TrustManager {
  private val checkServerTrustedMethod: Method? =
    try {

  }

  @Test
  fun equalsFromTrustManager() {
    val handshakeCertificates = HandshakeCertificates.Builder().build()
    val x509TrustManager = handshakeCertificates.trustManager
    assertThat(get(x509TrustManager)).isEqualTo(get(x509TrustManager))
  }

  @Test
  fun normalizeSingleSelfSignedCertificate() {
    val root =
      HeldCertificate
        .Builder()
        .serialNumber(1L)

  @get:JvmName("sslSocketFactory")
  val sslSocketFactory: SSLSocketFactory
    get() = sslSocketFactoryOrNull ?: throw IllegalStateException("CLEARTEXT-only client")

  @get:JvmName("x509TrustManager")
  val x509TrustManager: X509TrustManager?

  @get:JvmName("connectionSpecs")
  val connectionSpecs: List<ConnectionSpec> =
    builder.connectionSpecs

  @get:JvmName("protocols")

package okhttp3.internal.platform.android

import javax.net.ssl.SSLSocket
import javax.net.ssl.SSLSocketFactory
import javax.net.ssl.X509TrustManager
import okhttp3.Protocol

interface SocketAdapter {
  fun isSupported(): Boolean

  fun trustManager(sslSocketFactory: SSLSocketFactory): X509TrustManager? = null

  fun matchesSocket(sslSocket: SSLSocket): Boolean

      }
      return prop.getProperty("version", "dev")
    }

    @Suppress("TrustAllX509TrustManager", "CustomX509TrustManager")
    private fun createInsecureTrustManager(): X509TrustManager =
      object : X509TrustManager {
        override fun checkClientTrusted(
          chain: Array<X509Certificate>,
          authType: String,
        ) {
        }

        override fun checkServerTrusted(

 */
package okhttp3.internal.tls

import java.security.cert.Certificate
import java.security.cert.X509Certificate
import javax.net.ssl.SSLPeerUnverifiedException
import javax.net.ssl.X509TrustManager
import okhttp3.internal.platform.Platform

/**
 * Computes the effective certificate chain from the raw array returned by Java's built in TLS APIs.