/** Returns a possibly-empty list of certificates that identify this peer. */
  @get:JvmName("localCertificates") val localCertificates: List<Certificate>,
  // Delayed provider of peerCertificates, to allow lazy cleaning.
  peerCertificatesFn: () -> List<Certificate>,
) {
  /** Returns a possibly-empty list of certificates that identify the remote peer. */
  @get:JvmName("peerCertificates")

	}

	cert, ok := clientKey.(*ssh.Certificate)
	if !ok {
		return errSftpPublicKeyWithoutCert
	}

	// ssh.CheckCert called by ssh.Authenticate accepts certificates
	// with empty principles list so we block those in here.
	if len(cert.ValidPrincipals) == 0 {
		return errSftpCertWithoutPrincipals
	}

	// Verify that certificate provided by user is issued by trusted CA,

    builder = builder.heldCertificate(heldCertificate, heldCertificate.certificate())
    builder = builder.addTrustedCertificate(heldCertificate.certificate())
  }

  @Test @Disabled
  fun heldCertificate() {
    val heldCertificate: HeldCertificate = HeldCertificate.Builder().build()
    val certificate: X509Certificate = heldCertificate.certificate()
    val keyPair: KeyPair = heldCertificate.keyPair()
  }

      + "jaA9VEhgdaVhxBsT2qzUNDsXlOzGsliznDfoqETb\n"
      + "-----END CERTIFICATE-----\n";

    X509Certificate certificate =
        Certificates.decodeCertificatePem(certificateString);

    assertEquals(certificateString, Certificates.certificatePem(certificate));
  }

  /** Can still coalesce when pinning is used if pins match.  */
  @Test
  fun coalescesWhenCertificatePinsMatch() {
    val pinner =
      CertificatePinner
        .Builder()
        .add("san.com", pin(certificate.certificate))
        .build()
    client = client.newBuilder().certificatePinner(pinner).build()
    server.enqueue(MockResponse())
    server.enqueue(MockResponse())

        )
      },
    )

  /**
   * ```
   * Certificate ::= SEQUENCE  {
   *   tbsCertificate       TBSCertificate,
   *   signatureAlgorithm   AlgorithmIdentifier,
   *   signatureValue       BIT STRING
   * }
   * ```
   */
  internal val certificate: BasicDerAdapter<Certificate> =
    Adapters.sequence(
      "Certificate",
      tbsCertificate,
      algorithmIdentifier,

              "emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=\n" +
              "-----END CERTIFICATE-----";

      CertificateFactory cf = CertificateFactory.getInstance("X.509");
      Certificate isgCertificate = cf.generateCertificate(new ByteArrayInputStream(isgCert.getBytes("UTF-8")));

      HandshakeCertificates certificates = new HandshakeCertificates.Builder()
              .addTrustedCertificate((X509Certificate) isgCertificate)

      )
    } catch (_: NoSuchMethodException) {
      null
    }

  /** Android method to clean and sort certificates, called via reflection. */
  @Suppress("unused", "UNCHECKED_CAST")
  fun checkServerTrusted(
    chain: Array<out X509Certificate>,
    authType: String,
    host: String,
  ): List<Certificate> {
    if (host in insecureHosts) return listOf()
    try {
      val method =
        checkServerTrustedMethod

      val keyManager =
        newKeyManager(
          null,
          serverCert,
          serverIntermediateCa.certificate,
        )
      val trustManager =
        newTrustManager(
          null,
          Arrays.asList(serverRootCa.certificate, clientRootCa.certificate),
          emptyList(),
        )
      val sslContext = SSLContext.getInstance("TLS")
      sslContext.init(

		Code:           "InvalidClientCertificate",
		Description:    "The provided client certificate is invalid. Retry with a different certificate.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrSTSTooManyIntermediateCAs: {
		Code:           "TooManyIntermediateCAs",
		Description:    "The provided client certificate contains too many intermediate CA certificates",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrSTSNotInitialized: {