*    server's hostname. The server must also have is a (possibly-empty) chain of intermediate
 *    certificates to establish trust from a root certificate to the server's certificate. The root
 *    certificate is not included in this chain.
 *  * The client's handshake certificates must include a set of trusted root certificates. They will
 *    be used to authenticate the server's certificate chain. Typically this is a set of well-known

import okhttp3.internal.platform.Platform

/**
 * Computes the effective certificate chain from the raw array returned by Java's built in TLS APIs.
 * Cleaning a chain returns a list of certificates where the first element is `chain[0]`, each
 * certificate is signed by the certificate that follows, and the last certificate is a trusted CA
 * certificate.
 *
 * Use of the chain cleaner is necessary to omit unexpected certificates that aren't relevant to

Validateurs et métadonnées génériques:

* `alias`
* `title`
* `description`
* `deprecated`

Validateurs spécifiques aux chaînes de caractères :

* `min_length`
* `max_length`
* `regex`

Parmi ces exemples, vous avez pu voir comment déclarer des validateurs pour les chaînes de caractères.

    val connection = AtomicReference<Connection?>()
    client =
      client
        .newBuilder()
        .addNetworkInterceptor(
          Interceptor { chain: Interceptor.Chain? ->
            connection.set(chain!!.connection())
            chain.proceed(chain.request())
          },
        ).build()
    dns["san.com"] = Dns.SYSTEM.lookup(server.hostName).subList(0, 1)
    assert200Http2Response(execute(url), server.hostName)

    @Override public Response intercept(Chain chain) throws IOException {
      Request request = chain.request();
      Headers newHeaders = request.headers()
          .newBuilder()
          .add("Date", new Date())
          .build();
      Request newRequest = request.newBuilder()
          .headers(newHeaders)
          .build();
      return chain.proceed(newRequest);
    }
  }

      this.host = host;
    }

    @Override public Response intercept(Chain chain) throws IOException {
      Request request = chain.request();
      if (request.url().host().equals(host)) {
        request = request.newBuilder()
            .header("Authorization", credentials)
            .build();
      }
      return chain.proceed(request);
    }
  }

      chain[0] = heldCertificate.certificate
      intermediates.copyInto(chain, 1)
      keyStore.setKeyEntry("private", heldCertificate.keyPair.private, password, chain)
    }

    // https://github.com/bcgit/bc-java/issues/1160
    val isBouncyCastle = keyStore.provider.name == "BC"
    val algorithm = if (isBouncyCastle) "PKIX" else KeyManagerFactory.getDefaultAlgorithm()

    val factory = KeyManagerFactory.getInstance(algorithm)

 */
class RetryAndFollowUpInterceptor(
  private val client: OkHttpClient,
) : Interceptor {
  @Throws(IOException::class)
  override fun intercept(chain: Interceptor.Chain): Response {
    val realChain = chain as RealInterceptorChain
    var request = chain.request
    val call = realChain.call
    var followUpCount = 0
    var priorResponse: Response? = null
    var newRoutePlanner = true

    val chain = newChain(call)
    return RealRoutePlanner(
      taskRunner = client.taskRunner,
      connectionPool = client.connectionPool.delegate,
      readTimeoutMillis = client.readTimeoutMillis,
      writeTimeoutMillis = client.writeTimeoutMillis,
      socketConnectTimeoutMillis = chain.connectTimeoutMillis,
      socketReadTimeoutMillis = chain.readTimeoutMillis,

) : CertificateChainCleaner() {
  @Suppress("UNCHECKED_CAST")
  @Throws(SSLPeerUnverifiedException::class)
  @SuppressSignatureCheck
  override fun clean(
    chain: List<Certificate>,
    hostname: String,
  ): List<Certificate> {
    val certificates = (chain as List<X509Certificate>).toTypedArray()
    try {
      return x509TrustManagerExtensions.checkServerTrusted(certificates, "RSA", hostname)