)
    factory.init(null as KeyStore?)
    val trustManagers = factory.trustManagers!!
    check(trustManagers.size == 1 && trustManagers[0] is X509TrustManager) {
      "Unexpected default trust managers: ${trustManagers.contentToString()}"
    }
    return trustManagers[0] as X509TrustManager
  }

  override fun trustManager(sslSocketFactory: SSLSocketFactory): X509TrustManager =

    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, new TrustManager[] { trustManager }, null);

    return sslContext.getSocketFactory();
  }

  /** Returns a trust manager that trusts the VM's default certificate authorities. */
  private X509TrustManager defaultTrustManager() throws GeneralSecurityException {
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(

```

If you see a warning message like `gpg: WARNING: This key is not certified with a trusted signature!`, you can locally sign the Gradle key after importing it.
This tells your GPG installation that you trust this key and will prevent the warning from appearing again.

To do this, run the following command:

```bash
gpg --sign-key 1BD97A6A154E7810EE0BC832E2F38302C8075E3D
```

## Public Key Block in ascii-armored format

        provider,
      )
    factory.init(null as KeyStore?)
    val trustManagers = factory.trustManagers!!
    check(trustManagers.size == 1 && trustManagers[0] is X509TrustManager) {
      "Unexpected default trust managers: ${trustManagers.contentToString()}"
    }
    return trustManagers[0] as X509TrustManager
  }

  override fun trustManager(sslSocketFactory: SSLSocketFactory): X509TrustManager =

     * @return the client IP address
     */
    public String getClientIp(final HttpServletRequest request) {
        final String remoteAddr = request.getRemoteAddr();

        // Only trust proxy headers if the request comes from a trusted proxy
        if (isTrustedProxy(remoteAddr)) {
            final String xForwardedFor = request.getHeader("X-Forwarded-For");

  val hostname = "local.host"
  private val handshakeCertificates =
    run {
      // Generate a self-signed cert for the server to serve and the client to trust.
      val heldCertificate =
        HeldCertificate
          .Builder()
          .commonName(hostname)
          .addSubjectAlternativeName(hostname)
          .build()
      HandshakeCertificates

      }

    /** Sets the trailers and returns this. */
    public fun trailers(trailers: Headers): Builder =
      apply {
        this.trailers_ = trailers.newBuilder()
      }

    /** Don't trust the client during the SSL handshake. */
    public fun failHandshake(): Builder =
      apply {
        failHandshake = true
      }

    /** Trigger [socketEffect] before the request headers are read. */

  @StartStop
  private val server = MockWebServer()

  @BeforeEach
  fun setup() {
    platform.assumeNotBouncyCastle()
  }

  /**
   * The pinner should pull the root certificate from the trust manager.
   */
  @Test
  fun pinRootNotPresentInChain() {
    // Fails on 11.0.1 https://github.com/square/okhttp/issues/4703
    val rootCa =
      HeldCertificate
        .Builder()
        .serialNumber(1L)

_2016-02-10_

 *  Fix: Don’t crash when finding the trust manager on Robolectric. We attempted
    to detect the host platform and got confused because Robolectric looks like
    Android but isn’t!
 *  Fix: Change `CertificatePinner` to skip sanitizing the certificate chain
    when no certificates were pinned. This avoids an SSL failure in insecure
    “trust everyone” configurations, such as when talking to a development

    /**
     * By default, if we are handed a value collection bigger than expectedValuesPerKey, presize to
     * accept that many elements.
     *
     * <p>This gets overridden in ImmutableSetMultimap.Builder to only trust the size of {@code
     * values} if it is a Set and therefore probably already deduplicated.
     */
    int expectedValueCollectionSize(int defaultExpectedValues, Iterable<?> values) {