./mc cp /tmp/data/defpartsize minio1/test-bucket/defpartsize --enc-c "minio1/test-bucket/defpartsize=${TEST_MINIO_ENC_KEY}" --insecure

# Below should fail as compression and SSEC used at the same time
RESULT=$({ ./mc put /tmp/data/mpartobj.txt minio1/test-bucket/mpartobj.txt --enc-c "minio1/test-bucket/mpartobj.txt=${TEST_MINIO_ENC_KEY}" --insecure; } 2>&1)

	exit_1
fi

repcount4=$(./mc ls minio2/test-bucket/custpartsize --insecure | wc -l)
if [ "${repcount4}" -ne 1 ]; then
	echo "BUG: object test-bucket/custpartsize not replicated"
	exit_1
fi

# Stat the SSEC objects from source site
echo "Stat minio1/test-bucket/encrypted"
./mc stat minio1/test-bucket/encrypted --enc-c "minio1/test-bucket/encrypted=${TEST_MINIO_ENC_KEY}" --insecure --json

	var objectEncryptionKey crypto.ObjectKey
	if isEncrypted {
		if !crypto.SSEC.IsRequested(r.Header) && crypto.SSEC.IsEncrypted(mi.UserDefined) {
			writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrSSEMultipartEncrypted), r.URL)
			return
		}
		if crypto.S3.IsEncrypted(mi.UserDefined) && crypto.SSEC.IsRequested(r.Header) {
			writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrSSEMultipartEncrypted), r.URL)

	sseCopyC := crypto.SSEC.IsEncrypted(srcInfo.UserDefined) && crypto.SSECopy.IsRequested(r.Header)
	sseC := crypto.SSEC.IsRequested(r.Header)
	sseS3 := crypto.S3.IsRequested(r.Header)
	sseKMS := crypto.S3KMS.IsRequested(r.Header)

	isSourceEncrypted := sseCopyC || sseCopyS3 || sseCopyKMS
	isTargetEncrypted := sseC || sseS3 || sseKMS

	if sseC {
		newKey, err = ParseSSECustomerRequest(r)

			ObjName:   os.RemoteObject,
			VersionID: os.TransitionVersionID,
			TierName:  os.TransitionTier,
		}, true
	}
	return jentry{}, false
}

// Sweep removes the transitioned object if it's no longer referred to.
func (os *objSweeper) Sweep() {
	if je, ok := os.shouldRemoveRemoteObject(); ok {
		globalExpiryState.enqueueTierJournalEntry(je)
	}
}

type jentry struct {
	ObjName   string

		crypto.S3KMS.CreateMetadata(metadata, newKey.KeyID, newKey.Ciphertext, sealedKey, cryptoCtx)
		return nil
	case crypto.SSEC:
		sealedKey, err := crypto.SSEC.ParseMetadata(metadata)
		if err != nil {
			return err
		}

		var objectKey crypto.ObjectKey
		if err = objectKey.Unseal(oldKey, sealedKey, crypto.SSEC.String(), bucket, object); err != nil {
			if subtle.ConstantTimeCompare(oldKey, newKey) == 1 {

	opts.UserDefined[ReservedMetadataPrefix+"Actual-Object-Size"] = r.Header.Get(xhttp.MinIOReplicationActualObjectSize)
	// Transfer SSEC key in opts.EncryptFn
	if crypto.SSEC.IsRequested(r.Header) {
		key, err := ParseSSECustomerRequest(r)
		if err == nil {
			// Set EncryptFn to return SSEC key
			opts.EncryptFn = func(baseKey string, data []byte) []byte {
				return key
			}
		}
	}

		{ObjectOpts{Name: "c1test", VersionID: "vid", DeleteMarker: true, SSEC: true, OpType: DeleteReplicationType}, cfgs[0], true}, // 7. permanent delete of version
		{ObjectOpts{Name: "c1test", DeleteMarker: true, SSEC: true, OpType: DeleteReplicationType}, cfgs[0], true},                   // 8. setting DeleteMarker on SSE-C encrypted object

	if err != nil {
		replLogOnceIf(ctx, err, bucket)
		return
	}
	if cfg == nil {
		return
	}

	opts := replication.ObjectOpts{
		Name:           object,
		SSEC:           crypto.SSEC.IsEncrypted(mopts.meta),
		Replica:        replStatus == replication.Replica,
		ExistingObject: mopts.isExistingObjectReplication(),
	}
	tagStr, ok := mopts.meta[xhttp.AmzObjectTagging]
	if ok {

	@(env bash $(PWD)/docs/site-replication/run-ssec-object-replication.sh)
	@echo "Running tests for automatic site replication of SSE-C objects with SSE-KMS enabled for bucket"
	@(env bash $(PWD)/docs/site-replication/run-sse-kms-object-replication.sh)
	@echo "Running tests for automatic site replication of SSE-C objects with compression enabled for site"
	@(env bash $(PWD)/docs/site-replication/run-ssec-object-replication-with-compression.sh)