}

  @Test fun generatedCertificate() {
    val heldCertificate =
      HeldCertificate
        .Builder()
        .commonName("Foo Corp")
        .addSubjectAlternativeName("foo.com")
        .build()
    val session = session(heldCertificate.certificatePem())
    assertThat(verifier.verify("foo.com", session)).isTrue()

  private lateinit var rootCa: HeldCertificate
  private lateinit var certificate: HeldCertificate
  private val dns = FakeDns()
  private lateinit var url: HttpUrl
  private lateinit var serverIps: List<InetAddress>

  @BeforeEach
  fun setUp() {
    platform.assumeHttp2Support()
    platform.assumeNotBouncyCastle()
    rootCa =
      HeldCertificate
        .Builder()
        .serialNumber(1L)

  }

  companion object {
    internal var certA1: HeldCertificate =
      HeldCertificate
        .Builder()
        .serialNumber(100L)
        .build()
    internal var certA1Sha256Pin = CertificatePinner.pin(certA1.certificate)

    private var certB1 =
      HeldCertificate
        .Builder()
        .serialNumber(200L)
        .build()

## Version 4.2.0

_2019-09-10_

 *  New: API to decode a certificate and private key to create a `HeldCertificate`. This accepts a
    string containing both a certificate and PKCS #8-encoded private key.

    ```kotlin
    val heldCertificate = HeldCertificate.decode("""
        |-----BEGIN CERTIFICATE-----
        |MIIBYTCCAQegAwIBAgIBKjAKBggqhkjOPQQDAjApMRQwEgYDVQQLEwtlbmdpbmVl

        val heldCertificate =
          HeldCertificate
            .Builder()
            .commonName("localhost")
            .addSubjectAlternativeName("localhost")
            .rsa2048()
            .build()
        return@lazy HandshakeCertificates
          .Builder()
          .heldCertificate(heldCertificate)
          .addTrustedCertificate(heldCertificate.certificate)

    platform.assumeNotConscrypt()
    val clientCa =
      HeldCertificate
        .Builder()
        .certificateAuthority(0)
        .build()
    val serverCa =
      HeldCertificate
        .Builder()
        .certificateAuthority(0)
        .build()
    val serverCertificate =
      HeldCertificate
        .Builder()
        .signedBy(serverCa)

    platform.assumeNotConscrypt()

    val clientCa =
      HeldCertificate
        .Builder()
        .certificateAuthority(0)
        .build()
    val serverCa =
      HeldCertificate
        .Builder()
        .certificateAuthority(0)
        .build()
    val serverCertificate =
      HeldCertificate
        .Builder()
        .signedBy(serverCa)

 * **FormBody**: size
 * **Handshake**: cipherSuite, localCertificates, localPrincipal, peerCertificates, peerPrincipal,
   tlsVersion
 * **HandshakeCertificates**: keyManager, trustManager
 * **Headers**: size
 * **HeldCertificate**: certificate, keyPair
 * **HttpLoggingInterceptor**: level
 * **HttpUrl**: encodedFragment, encodedPassword, encodedPath, encodedPathSegments, encodedQuery,

    val heldCertificate =
      HeldCertificate
        .Builder()
        .commonName("example.com")
        .addSubjectAlternativeName(localIpAddress!!)
        .build()
    val handshakeCertificates =
      HandshakeCertificates
        .Builder()
        .heldCertificate(heldCertificate)
        .addTrustedCertificate(heldCertificate.certificate)
        .build()

 *  Fix: Don't leak socket connections when web socket upgrades fail.


## Version 3.11.0

_2018-07-12_

 *  **OkHttp's new okhttp-tls submodule tames HTTPS and TLS.**

    `HeldCertificate` is a TLS certificate and its private key. Generate a certificate with its
    builder then use it to sign another certificate or perform a TLS handshake. The