static final int HEADER_LENGTH = 12;

    // header field offsets
    static final int OPCODE_OFFSET = 2;
    static final int QUESTION_OFFSET = 4;
    static final int ANSWER_OFFSET = 6;
    static final int AUTHORITY_OFFSET = 8;
    static final int ADDITIONAL_OFFSET = 10;


    static void writeInt2 ( int val, byte[] dst, int dstIndex ) {
        dst[ dstIndex++ ] = (byte) ( ( val >> 8 ) & 0xFF );

apiVersion: v1
clusters:
- cluster:

		//	WantException:  false,
		//},
		{ // case 1
			Args: strings.Split("list", " "),
			ExpectedOutput: `FLAG                    VALUE            FROM
authority                                default
cert-dir                                 default
insecure                                 default
istioNamespace          istio-system     default

              writeByteString(value)
              insertIntoDynamicTable(header)
            }
            name.startsWith(Header.PSEUDO_PREFIX) && TARGET_AUTHORITY != name -> {
              // Follow Chromes lead - only include the :authority pseudo header, but exclude all other
              // pseudo headers. Literal Header Field without Indexing - Indexed Name.
              writeInt(headerNameIndex, PREFIX_4_BITS, 0)

     *
     * The server’s TLS certificate **does not need to be signed** by a trusted certificate
     * authority. Instead, it will trust any well-formed certificate, even if it is self-signed.
     * This is necessary for testing against localhost or in development environments where a
     * certificate authority is not possible.
     *
     * The server’s TLS certificate still must match the requested hostname. For example, if the

        path = "/"
      }
      this.path = path

      val scheme = if (socket is SSLSocket) "https" else "http"
      val localPort = socket.localPort
      val hostAndPort =
        headers[":authority"]
          ?: headers["Host"]
          ?: when (val inetAddress = socket.localAddress) {
            is Inet6Address -> "[${inetAddress.hostAddress}]:$localPort"
            else -> "${inetAddress.hostAddress}:$localPort"

        .header("Host", "square.com")
        .header("TE", "gzip")
        .build()
    val expected =
      headerEntries(
        ":method",
        "GET",
        ":path",
        "/",
        ":authority",
        "square.com",
        ":scheme",
        "http",
      )
    assertThat(http2HeadersList(request)).isEqualTo(expected)
  }

  @Test fun http2HeadersListDontDropTeIfTrailersHttp2() {

	// The service rejects any policy with a packed size greater than 100 percent,
	// which means the policy exceeded the allowed space.
	PackedPolicySize int `xml:",omitempty"`

	// The issuing authority of the web identity token presented. For OpenID Connect
	// ID tokens, this contains the value of the iss field. For OAuth 2.0 id_tokens,
	// this contains the value of the ProviderId parameter that was passed in the

    assertThat(connect.headers["Host"]).isEqualTo("[::1]:$port")
    assertThat(connect.headers[":authority"]).isNull()
    val get = server.takeRequest()
    assertThat(get.requestLine).isEqualTo("GET / HTTP/1.1")
    assertThat(get.headers["Host"]).isEqualTo("[::1]:$port")
    assertThat(get.headers[":authority"]).isNull()
    assertThat(get.requestUrl).isEqualTo(url)
  }

  @Test

certificate authorities of the host platform. This strategy maximizes connectivity, but it is subject to certificate authority attacks such as the [2011 DigiNotar attack](https://www.computerworld.com/article/2510951/cybercrime-hacking/hackers-spied-on-300-000-iranians-using-fake-google-certificate.html). It also assumes your HTTPS servers’ certificates are signed by a certificate authority.

Use [CertificatePinner](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-certificate-pinner/) to restrict...