assertThat(response.body.string()).isEqualTo("abc")
  }

  @Flaky
  @RetryingTest(5)
  fun missingClientAuthFailsForNeeds() {
    // Fails with 11.0.1 https://github.com/square/okhttp/issues/4598
    // StreamReset stream was reset: PROT...
    val client = buildClient(null, clientIntermediateCa.certificate)
    val socketFactory = buildServerSslSocketFactory()
    server.useHttps(socketFactory)

  private final OkHttpClient client;

  public CustomCipherSuites() throws GeneralSecurityException {
    // Configure cipher suites to demonstrate how to customize which cipher suites will be used for
    // an OkHttp request. In order to be selected a cipher suite must be included in both OkHttp's
    // connection spec and in the SSLSocket's enabled cipher suites array. Most applications should
    // not customize the cipher suites list.

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package okhttp.android.test.sni

import android.os.Build
import android.util.Log
import assertk.assertThat
import assertk.assertions.contains
import assertk.assertions.isEqualTo
import java.security.cert.X509Certificate

    platform.assumeNotBouncyCastle()
  }

  @ParameterizedTest
  @MethodSource("connectionTypes")
  fun testConnection(socketMode: SocketMode) {
    // https://github.com/square/okhttp/pull/6554
    assumeFalse(
      socketMode is TlsInstance &&
        socketMode.socketMode == Channel &&
        socketMode.protocol == HTTP_2 &&
        socketMode.tlsExtensionMode == STANDARD,

 *
 * ### Android Cleartext Permit Detection
 *
 * Supported on Android 6.0+ via `NetworkSecurityPolicy`.
 */
open class Platform {
  /** Prefix used on custom headers. */
  fun getPrefix() = "OkHttp"

  open fun newSSLContext(): SSLContext = SSLContext.getInstance("TLS")

  open fun platformTrustManager(): X509TrustManager {
    val factory =
      TrustManagerFactory.getInstance(

      "Unexpected default trust managers: ${trustManagers.contentToString()}"
    }
    val x509TrustManager = trustManagers[0] as X509TrustManager
    // Disabled because OkHttp will run anyway
    Conscrypt.setHostnameVerifier(x509TrustManager, DisabledHostnameVerifier)
    return x509TrustManager
  }

  internal object DisabledHostnameVerifier : ConscryptHostnameVerifier {
    fun verify(

    }
  }

  private fun runTest(
    number: Long,
    count: Long,
  ) {
    val latch = CountDownLatch(1)
    val startNanos = AtomicLong()
    newWebSocket(
      "/runCase?case=$number&agent=okhttp",
      object : WebSocketListener() {
        override fun onOpen(
          webSocket: WebSocket,
          response: Response,
        ) {
          println("Executing test case $number/$count")

    val certificatePinner =
      CertificatePinner.Builder()
        .add("σkhttp.com", certA1Sha256Pin)
        .build()

    val expectedPin = listOf(Pin("σkhttp.com", certA1Sha256Pin))
    assertThat(certificatePinner.findMatchingPins("xn--khttp-fde.com")).isEqualTo(expectedPin)
  }

  /** https://github.com/square/okhttp/issues/3324  */
  @Test
  fun checkSubstringMatch() {
    val certificatePinner =

          // specifically received an instruction to retry without delay
          return userResponse.request
        }

        return null
      }

      HTTP_MISDIRECTED_REQUEST -> {
        // OkHttp can coalesce HTTP/2 connections even if the domain names are different. See
        // RealConnection.isEligible(). If we attempted this and the server returned HTTP 421, then
        // we can retry on a different connection.

) {
  /**
   * Confirms that at least one of the certificates pinned for `hostname` is in `peerCertificates`.
   * Does nothing if there are no certificates pinned for `hostname`. OkHttp calls this after a
   * successful TLS handshake, but before the connection is used.
   *
   * @throws SSLPeerUnverifiedException if `peerCertificates` don't match the certificates pinned
   *     for `hostname`.
   */