}

		healingLogIf(ctx, tracker.update(ctx))
		close(quitting)
	}()

	var retErr error

	// Heal all buckets with all objects
	for _, bucket := range healBuckets {
		if tracker.isHealed(bucket) {
			continue
		}

		var forwardTo string
		// If we resume to the same bucket, forward to last known item.
		b := tracker.getBucket()
		if b == bucket {
			forwardTo = tracker.getObject()

	return h.disk.Delete(ctx, minioMetaBucket,
		pathJoin(bucketMetaPrefix, healingTrackerFilename),
		DeleteOptions{
			Recursive: false,
			Immediate: false,
		},
	)
}

func (h *healingTracker) isHealed(bucket string) bool {
	h.mu.RLock()
	defer h.mu.RUnlock()
	return slices.Contains(h.HealedBuckets, bucket)
}

// resume will reset progress to the numbers at the start of the bucket.

": "jIJPsrkkVYYMvc7edBrNl+7zcM7+ZwXqMb/YAjBO/ck=", "X-Minio-Internal-Server-Side-Encryption-S3-Kms-Key-Id": "my-minio-key", "X-Minio-Internal-Server-Side-Encryption-S3-Kms-Sealed-Key": "IAAfAP2p7ZLv3UpLwBnsKkF2mtWba0qoY42tymK0szRgGvAxBNcXyHXYooe9dQpeeEJWgKUa/8R61oCy1mFwIg==", "X-Minio-Internal-Server-Side-Encryption-S3-Sealed-Key": "IAAfAPFYRDkHVirJBJxBixNj3PLWt78dFuUTyTLIdLG820J7XqLPBO4gpEEEWw/DoTsJIb+apnaem+rKtQ1h3Q==", "X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm": "DAREv2-HMAC-SHA256",...

	if md5Sum := md5.Sum(clientKey); err != nil || !bytes.Equal(md5Sum[:], keyMD5) {
		return key, ErrCustomerKeyMD5Mismatch
	}
	copy(key[:], clientKey)
	return key, nil
}

// UnsealObjectKey extracts and decrypts the sealed object key
// from the metadata using the SSE-C client key of the HTTP headers
// and returns the decrypted object key.

		logger.CriticalIf(context.Background(), errors.New("Unable to generate sealed key"))
	}
	sealedKey := SealedKey{
		IV:        iv,
		Algorithm: SealAlgorithm,
	}
	copy(sealedKey.Key[:], encryptedKey.Bytes())
	return sealedKey
}

// Unseal decrypts a sealed key using the 256 bit external key. Since the sealed key
// may be cryptographically bound to the object's path the same bucket/object as during sealing

// Requested returns whether any type of encryption is requested.
func Requested(h http.Header) bool {
	return S3.IsRequested(h) || S3KMS.IsRequested(h) || SSEC.IsRequested(h)
}

// UnsealObjectKey extracts and decrypts the sealed object key
// from the metadata using the SSE-Copy client key of the HTTP headers
// and returns the decrypted object key.

	// Add more supported headers here.
}

// mapping of internal headers to allowed replication headers
var validSSEReplicationHeaders = map[string]string{
	"X-Minio-Internal-Server-Side-Encryption-Sealed-Key":     "X-Minio-Replication-Server-Side-Encryption-Sealed-Key",
	"X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm": "X-Minio-Replication-Server-Side-Encryption-Seal-Algorithm",

 * limitations under the License.
 */
package mockwebserver3

/**
 * An adverse action to take on a socket, intended to exercise failure modes in the calling code.
 */
public sealed interface SocketEffect {
  /**
   * Close the TCP socket that carries this request.
   *
   * Using this as [MockResponse.onResponseEnd] is the default for HTTP/1.0.
   */
  public class CloseSocket(

				"application/vnd.scribus",
				"application/vnd.sealed.3df",
				"application/vnd.sealed.csf",
				"application/vnd.sealed.doc",
				"application/vnd.sealed.eml",
				"application/vnd.sealed.mht",
				"application/vnd.sealed.net",
				"application/vnd.sealed.ppt",
				"application/vnd.sealed.tiff",
				"application/vnd.sealed.xls",
				"application/vnd.sealedmedia.softseal.html",

        }
        final Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("UTC"));
        cal.set(2027, 6 - 1, 1); // EOL Date
        eolTime = cal.getTimeInMillis();
        if (isEoled()) {
            logger.error("Your system is out of support. See https://fess.codelibs.org/eol.html");
        }
        updateSystemProperties();
        final FessConfig fessConfig = ComponentUtil.getFessConfig();