chain[0] = heldCertificate.certificate
      intermediates.copyInto(chain, 1)
      keyStore.setKeyEntry("private", heldCertificate.keyPair.private, password, chain)
    }

    val factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
    factory.init(keyStore, password)
    val result = factory.keyManagers!!
    check(result.size == 1 && result[0] is X509KeyManager) {

      object : X509TrustManager {
        @Throws(CertificateException::class)
        override fun checkClientTrusted(
          chain: Array<X509Certificate>,
          authType: String,
        ) = throw CertificateException()

        override fun checkServerTrusted(
          chain: Array<X509Certificate>,
          authType: String,
        ) = throw AssertionError()

  // Webhooks with side effects MUST implement a reconciliation system, since a request may be
  // rejected by a future step in the admission chain and the side effects therefore need to be undone.
  // Requests with the dryRun attribute will be auto-rejected if they match a webhook with
  // sideEffects == Unknown or Some.
  optional string sideEffects = 6;

        }

        return getPackageSymbolIfPackageExists(selectedFqName)
    }

    /**
     * N.B. Works only for [KtClassOrObjectSymbol] parents chain.
     */
    private fun KtAnalysisSession.goToNthParent(symbol: KtDeclarationSymbol, steps: Int): KtDeclarationSymbol? {
        var currentSymbol = symbol

        repeat(steps) {

	public abstract fun withConnectTimeout (ILjava/util/concurrent/TimeUnit;)Lokhttp3/Interceptor$Chain;
	public abstract fun withReadTimeout (ILjava/util/concurrent/TimeUnit;)Lokhttp3/Interceptor$Chain;
	public abstract fun withWriteTimeout (ILjava/util/concurrent/TimeUnit;)Lokhttp3/Interceptor$Chain;
	public abstract fun writeTimeoutMillis ()I
}

public final class okhttp3/Interceptor$Companion {

OdHOim9+
-----END PRIVATE KEY-----
```

Recommendations
---------------

Typically servers need a held certificate plus a chain of intermediates. Servers only need the
private key for their own certificate. The chain served by a server doesn't need the root
certificate.

The trusted roots don't need to be the same for client and server when using client authentication.

 * response.
 */
class BridgeInterceptor(private val cookieJar: CookieJar) : Interceptor {
  @Throws(IOException::class)
  override fun intercept(chain: Interceptor.Chain): Response {
    val userRequest = chain.request()
    val requestBuilder = userRequest.newBuilder()

    val body = userRequest.body
    if (body != null) {
      val contentType = body.contentType()

        // pool, which should remain clean for subsequent tests.
        .connectionPool(ConnectionPool())
        .addNetworkInterceptor(
          Interceptor { chain: Interceptor.Chain? ->
            val response =
              chain!!.proceed(
                chain.request(),
              )
            responsesNotClosed.add(response)
            response
              .newBuilder()

A group's DN may be associated with an [access policy](#managing-usergroup-access-policy).

#### Nested groups usage in LDAP/AD
If you are using Active directory with nested groups you have to add LDAP_MATCHING_RULE_IN_CHAIN: :1.2.840.113556.1.4.1941: to your query.
For example:
```shell
group_search_filter: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:=%d))

    if (canceled) {
      stream!!.closeLater(ErrorCode.CANCEL)
      throw IOException("Canceled")
    }
    stream!!.readTimeout().timeout(chain.readTimeoutMillis.toLong(), TimeUnit.MILLISECONDS)
    stream!!.writeTimeout().timeout(chain.writeTimeoutMillis.toLong(), TimeUnit.MILLISECONDS)
  }

  override fun flushRequest() {
    http2Connection.flush()
  }

  override fun finishRequest() {