val heldCertificate: HeldCertificate = HeldCertificate.Builder().build()
    builder = builder.heldCertificate(heldCertificate, heldCertificate.certificate())
    builder = builder.addTrustedCertificate(heldCertificate.certificate())
  }

  @Test @Disabled
  fun heldCertificate() {
    val heldCertificate: HeldCertificate = HeldCertificate.Builder().build()

    assertThat(encoded).isEqualTo(privateKeyInfoByteString)
  }

  @Test
  fun `RSA issuer and signature`() {
    val root =
      HeldCertificate.Builder()
        .certificateAuthority(0)
        .rsa2048()
        .build()
    val certificate =
      HeldCertificate.Builder()
        .signedBy(root)
        .rsa2048()
        .build()

  }

  companion object {
    internal var certA1: HeldCertificate =
      HeldCertificate.Builder()
        .serialNumber(100L)
        .build()
    internal var certA1Sha256Pin = CertificatePinner.pin(certA1.certificate)

    private var certB1 =
      HeldCertificate.Builder()
        .serialNumber(200L)
        .build()

## Version 4.2.0

_2019-09-10_

 *  New: API to decode a certificate and private key to create a `HeldCertificate`. This accepts a
    string containing both a certificate and PKCS #8-encoded private key.

    ```kotlin
    val heldCertificate = HeldCertificate.decode("""
        |-----BEGIN CERTIFICATE-----
        |MIIBYTCCAQegAwIBAgIBKjAKBggqhkjOPQQDAjApMRQwEgYDVQQLEwtlbmdpbmVl

        val heldCertificate =
          HeldCertificate.Builder()
            .commonName("localhost")
            .addSubjectAlternativeName("localhost")
            .rsa2048()
            .build()
        return@lazy HandshakeCertificates.Builder()
          .heldCertificate(heldCertificate)
          .addTrustedCertificate(heldCertificate.certificate)
          .build()
      }

  @RegisterExtension
  val clientTestRule = OkHttpClientTestRule()
  private lateinit var server: MockWebServer
  private lateinit var client: OkHttpClient
  private lateinit var rootCa: HeldCertificate
  private lateinit var certificate: HeldCertificate
  private val dns = FakeDns()
  private lateinit var url: HttpUrl
  private lateinit var serverIps: List<InetAddress>

  @BeforeEach
  fun setUp(server: MockWebServer) {

    platform.assumeNotBouncyCastle()
    platform.assumeNotConscrypt()
    val clientCa =
      HeldCertificate.Builder()
        .certificateAuthority(0)
        .build()
    val serverCa =
      HeldCertificate.Builder()
        .certificateAuthority(0)
        .build()
    val serverCertificate =
      HeldCertificate.Builder()
        .signedBy(serverCa)
        .addSubjectAlternativeName(server.hostName)

    platform.assumeNotBouncyCastle()
    platform.assumeNotConscrypt()

    val clientCa =
      HeldCertificate.Builder()
        .certificateAuthority(0)
        .build()
    val serverCa =
      HeldCertificate.Builder()
        .certificateAuthority(0)
        .build()
    val serverCertificate =
      HeldCertificate.Builder()
        .signedBy(serverCa)
        .addSubjectAlternativeName(server.hostName)

 * **FormBody**: size
 * **Handshake**: cipherSuite, localCertificates, localPrincipal, peerCertificates, peerPrincipal,
   tlsVersion
 * **HandshakeCertificates**: keyManager, trustManager
 * **Headers**: size
 * **HeldCertificate**: certificate, keyPair
 * **HttpLoggingInterceptor**: level
 * **HttpUrl**: encodedFragment, encodedPassword, encodedPath, encodedPathSegments, encodedQuery,

    val heldCertificate =
      HeldCertificate.Builder()
        .commonName("example.com")
        .addSubjectAlternativeName(localIpAddress!!)
        .build()
    val handshakeCertificates =
      HandshakeCertificates.Builder()
        .heldCertificate(heldCertificate)
        .addTrustedCertificate(heldCertificate.certificate)
        .build()