return true
	}
	return false
}

// IsEncrypted returns true if the object metadata indicates
// that it was uploaded using some form of server-side-encryption.
//
// IsEncrypted only checks whether the metadata contains at least
// one entry indicating SSE-C or SSE-S3.
func IsEncrypted(metadata map[string]string) (Type, bool) {
	if S3KMS.IsEncrypted(metadata) {
		return S3KMS, true
	}

		return true
	}
	if _, ok := h[xhttp.AmzServerSideEncryptionCustomerKeyMD5]; ok {
		return true
	}
	return false
}

// IsEncrypted returns true if the metadata contains an SSE-C
// entry indicating that the object has been encrypted using
// SSE-C.
func (ssec) IsEncrypted(metadata map[string]string) bool {
	if _, ok := metadata[MetaSealedKeySSEC]; ok {
		return true
	}
	return false
}

	if h.Get(xhttp.AmzServerSideEncryption) != xhttp.AmzEncryptionAES {
		return ErrInvalidEncryptionMethod
	}
	return nil
}

// IsEncrypted returns true if the object metadata indicates
// that the object was uploaded using SSE-S3.
func (sses3) IsEncrypted(metadata map[string]string) bool {
	if _, ok := metadata[MetaSealedKeyS3]; ok {
		return true
	}
	return false
}

	if spaces {
		return "", nil, ErrInvalidEncryptionKeyID
	}
	return strings.TrimPrefix(keyID, ARNPrefix), ctx, nil
}

// IsEncrypted returns true if the object metadata indicates
// that the object was uploaded using SSE-KMS.
func (ssekms) IsEncrypted(metadata map[string]string) bool {
	if _, ok := metadata[MetaSealedKeyKMS]; ok {
		return true
	}
	return false
}

	InsecureSealAlgorithm = "DARE-SHA256"
)

// Type represents an AWS SSE type:
//   - SSE-C
//   - SSE-S3
//   - SSE-KMS
type Type interface {
	fmt.Stringer

	IsRequested(http.Header) bool
	IsEncrypted(map[string]string) bool
}

// IsRequested returns true and the SSE Type if the HTTP headers
// indicate that some form server-side encryption is requested.
//