case S3KMS.IsRequested(h):
		return S3KMS, true
	case SSEC.IsRequested(h):
		return SSEC, true
	default:
		return nil, false
	}
}

// Requested returns whether any type of encryption is requested.
func Requested(h http.Header) bool {
	return S3.IsRequested(h) || S3KMS.IsRequested(h) || SSEC.IsRequested(h)
}

// UnsealObjectKey extracts and decrypts the sealed object key

)

func TestIsRequested(t *testing.T) {
	for i, test := range kmsIsRequestedTests {
		_, got := IsRequested(test.Header)
		if Requested(test.Header) != got {
			// Test if result matches.
			t.Errorf("Requested mismatch, want %v, got %v", Requested(test.Header), got)
		}
		got = got && S3KMS.IsRequested(test.Header)
		if got != test.Expected {
			t.Errorf("SSE-KMS: Test %d: Wanted %v but got %v", i, test.Expected, got)
		}

)

// String returns the SSE domain as string. For SSE-C the
// domain is "SSE-C".
func (ssec) String() string { return "SSE-C" }

// IsRequested returns true if the HTTP headers contains
// at least one SSE-C header. SSE-C copy headers are ignored.
func (ssec) IsRequested(h http.Header) bool {
	if _, ok := h[xhttp.AmzServerSideEncryptionCustomerAlgorithm]; ok {
		return true
	}

func (api objectAPIHandlers) getObjectInArchiveFileHandler(ctx context.Context, objectAPI ObjectLayer, bucket, object string, w http.ResponseWriter, r *http.Request) {
	if crypto.S3.IsRequested(r.Header) || crypto.S3KMS.IsRequested(r.Header) { // If SSE-S3 or SSE-KMS present -> AWS fails with undefined error
		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrBadRequest), r.URL)
		return
	}

	// SSE-S3 requests.
	S3 = sses3{}

	_ Type = S3
)

// String returns the SSE domain as string. For SSE-S3 the
// domain is "SSE-S3".
func (sses3) String() string { return "SSE-S3" }

func (sses3) IsRequested(h http.Header) bool {
	_, ok := h[xhttp.AmzServerSideEncryption]
	// Return only true if the SSE header is specified and does not contain the SSE-KMS value

			if !crypto.SSEC.IsRequested(headers) && !crypto.SSECopy.IsRequested(headers) {
				if r.Header.Get(xhttp.MinIOSourceReplicationRequest) != "true" {
					return encrypted, errEncryptedObject
				}
			}
		}

		if crypto.S3.IsEncrypted(info.UserDefined) && r.Header.Get(xhttp.AmzCopySource) == "" {
			if crypto.SSEC.IsRequested(headers) || crypto.SSECopy.IsRequested(headers) {

	if copySource {
		if crypto.SSECopy.IsRequested(header) {
			clientKey, err = crypto.SSECopy.ParseHTTP(header)
			if err != nil {
				return opts, err
			}
			if sse, err = encrypt.NewSSEC(clientKey[:]); err != nil {
				return opts, err
			}
			opts.ServerSideEncryption = encrypt.SSECopy(sse)
			return opts, err
		}
		return opts, err
	}

	if crypto.SSEC.IsRequested(header) {

		if crypto.SSECopy.IsRequested(r.Header) {
			writeErrorResponse(ctx, w, toAPIError(ctx, errInvalidEncryptionParameters), r.URL)
			return
		}

		if crypto.SSEC.IsRequested(r.Header) && crypto.S3.IsRequested(r.Header) {
			writeErrorResponse(ctx, w, toAPIError(ctx, crypto.ErrIncompatibleEncryptionMethod), r.URL)
			return
		}

		if crypto.SSEC.IsRequested(r.Header) && crypto.S3KMS.IsRequested(r.Header) {