import static com.google.common.util.concurrent.Platform.restoreInterruptIfIsInterruptedException;
import static java.util.logging.Level.FINER;
import static java.util.logging.Level.SEVERE;
import static java.util.logging.Level.WARNING;

import com.google.common.annotations.GwtIncompatible;
import com.google.common.annotations.J2ktIncompatible;
import com.google.common.annotations.VisibleForTesting;

    // incomplete.
    val creator = cache.edit("k1")!!
    creator.newSink(0).buffer().use {
      it.writeUtf8("Hello")
    }

    // Simulate a severe Filesystem failure on the first initialization.
    filesystem.setFaultyDelete(cacheDir / "k1.0.tmp", true)
    filesystem.setFaultyDelete(cacheDir, true)
    cache =

import static com.google.common.util.concurrent.Platform.restoreInterruptIfIsInterruptedException;
import static java.util.logging.Level.FINER;
import static java.util.logging.Level.SEVERE;
import static java.util.logging.Level.WARNING;

import com.google.common.annotations.GwtIncompatible;
import com.google.common.annotations.J2ktIncompatible;
import com.google.common.annotations.VisibleForTesting;

    }

  @Test
  fun happyPath() {
    testInstances += this

    assertThat(serverA.started).isTrue()
    assertThat(serverB.started).isTrue()
    assertThat(serverC.started).isFalse()

    assertThat(serverD.started).isTrue()
    assertThat(serverE.started).isTrue()
    assertThat(serverF.started).isFalse()
  }

  private companion object {
    val testInstances = CopyOnWriteArrayList<StartStopTest>()

    enableProtocol(Protocol.HTTP_2)

    val request = Request(server1.url("/"))

    server1.enqueue(refusedStream)
    server1.enqueue(refusedStream)
    server2.enqueue(bodyResponse)

    dns[server1.hostName] = listOf(ipv6, ipv4)
    socketFactory[ipv6] = server1.socketAddress
    socketFactory[ipv4] = server2.socketAddress

    client =
      client
        .newBuilder()

Recommendations
---------------

Typically servers need a held certificate plus a chain of intermediates. Servers only need the
private key for their own certificate. The chain served by a server doesn't need the root
certificate.

The trusted roots don't need to be the same for client and server when using client authentication.
Clients might rely on the platform certificates and servers might use a private

 * `RESTRICTED_TLS` is a secure configuration, intended to meet stricter compliance requirements.
 * `MODERN_TLS` is a secure configuration that connects to modern HTTPS servers.
 * `COMPATIBLE_TLS` is a secure configuration that connects to secure–but not current–HTTPS servers.
 * `CLEARTEXT` is an insecure configuration that is used for `http://` URLs.

 *
 * The configuration of each spec changes with each OkHttp release. This is annoying: upgrading
 * your OkHttp library can break connectivity to certain web servers! But it’s a necessary annoyance
 * because the TLS ecosystem is dynamic and staying up to date is necessary to stay secure. See
 * [OkHttp's TLS Configuration History][tls_history] to track these changes.
 *
 * [tls_history]: https://square.github.io/okhttp/tls_configuration_history/
 */

        body = "ABCDEFGHIJKLMNOPQR",
      )
    server.enqueue(response)
    server.enqueue(response)
    server.enqueue(response)
    assertContent("ABCDEFGHIJKLMNOPQR", getResponse(newRequest("/foo")))
    assertThat(server.takeRequest().exchangeIndex).isEqualTo(0)
    assertContent("ABCDEFGHIJKLMNOPQR", getResponse(newRequest("/bar?baz=quux")))
    assertThat(server.takeRequest().exchangeIndex).isEqualTo(1)

 * to a remote host. Newer TLS options are quite useful:
 *
 *  * Server Name Indication (SNI) enables one IP address to negotiate secure connections for
 *    multiple domain names.
 *
 *  * Application Layer Protocol Negotiation (ALPN) enables the HTTPS port (443) to be used to
 *    negotiate HTTP/2.
 *