* limitations under the License.
 */
package okhttp3.internal.tls

import java.security.cert.X509Certificate

fun interface TrustRootIndex {
  /** Returns the trusted CA certificate that signed [cert]. */
  fun findByIssuerAndSignature(cert: X509Certificate): X509Certificate?

pkg crypto/x509, method (*CertPool) AddCertWithConstraint(*Certificate, func([]*Certificate) error) #57178
pkg crypto/x509, method (OID) Equal(OID) bool #60665
pkg crypto/x509, method (OID) EqualASN1OID(asn1.ObjectIdentifier) bool #60665
pkg crypto/x509, method (OID) String() string #60665
pkg crypto/x509, type Certificate struct, Policies []OID #60665
pkg crypto/x509, type OID struct #60665

 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
package jcifs.pac;

/**
 * Constants for PAC (Privilege Attribute Certificate) data structures.
 * Defines buffer types and other constants used in PAC parsing and validation.
 */
public interface PacConstants {

    /**
     * PAC structure version number.
     */

        .build()
    val handshakeCertificates =
      HandshakeCertificates
        .Builder()
        .heldCertificate(heldCertificate)
        .addTrustedCertificate(heldCertificate.certificate)
        .build()

    client =
      client
        .newBuilder()
        .sslSocketFactory(
          handshakeCertificates.sslSocketFactory(),
          handshakeCertificates.trustManager,

pkg net/http, method (*Server) ServeTLS(net.Listener, string, string) error
pkg net/http/fcgi, func ProcessEnv(*http.Request) map[string]string
pkg net/http/httptest, method (*Server) Certificate() *x509.Certificate
pkg net/http/httptest, method (*Server) Client() *http.Client
pkg reflect, func MakeMapWithSize(Type, int) Value
pkg runtime/pprof, func Do(context.Context, LabelSet, func(context.Context))

	public final fun -deprecated_keyPair ()Ljava/security/KeyPair;
	public fun <init> (Ljava/security/KeyPair;Ljava/security/cert/X509Certificate;)V
	public final fun certificate ()Ljava/security/cert/X509Certificate;
	public final fun certificatePem ()Ljava/lang/String;
	public static final fun decode (Ljava/lang/String;)Lokhttp3/tls/HeldCertificate;
	public final fun keyPair ()Ljava/security/KeyPair;

## 2. Create Kubernetes secret

[Kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret) are intended to hold sensitive information.
We'll use secrets to hold the TLS certificate and key. To create a secret, update the paths to `private.key` and `public.crt`
below.

Then type

```sh
kubectl create secret generic tls-ssl-minio --from-file=path/to/private.key --from-file=path/to/public.crt
```

    e is InterruptedIOException -> false

    // If the problem was a CertificateException from the X509TrustManager, do not retry.
    e is SSLHandshakeException && e.cause is CertificateException -> false

    // e.g. a certificate pinning error.
    e is SSLPeerUnverifiedException -> false

    // Retry for all other SSL failures.
    e is SSLException -> true

    else -> false

  /**
   * Configure the server to [want client auth][SSLSocket.setWantClientAuth]. If the
   * client presents a certificate that is [trusted][TrustManager] the handshake will
   * proceed normally. The connection will also proceed normally if the client presents no
   * certificate at all! But if the client presents an untrusted certificate the handshake
   * will fail and no connection will be established.
   */
  public fun requestClientAuth() {

pkg crypto/x509, type Certificate struct, ExcludedEmailAddresses []string
pkg crypto/x509, type Certificate struct, ExcludedIPRanges []*net.IPNet
pkg crypto/x509, type Certificate struct, ExcludedURIDomains []string
pkg crypto/x509, type Certificate struct, PermittedEmailAddresses []string
pkg crypto/x509, type Certificate struct, PermittedIPRanges []*net.IPNet
pkg crypto/x509, type Certificate struct, PermittedURIDomains []string