ExistingObjResync:    existingObjResync,
		TargetStatuses:       tgtStatuses,
		TargetPurgeStatuses:  purgeStatuses,
		ReplicationTimestamp: tm,
		SSEC:                 crypto.SSEC.IsEncrypted(oi.UserDefined),
		UserTags:             oi.UserTags,
	}
	if r.SSEC {
		r.Checksum = oi.Checksum
	}
	return r
}

// ReplicationState - returns replication state using other internal replication metadata in ObjectInfo

Depending on code in this package is bad and will cause you problems with any upgrade! But the 4.x
will be particularly painful to naughty developers that import from this package! We changed a lot
to take advantage of sweet Kotlin features.

#### Credentials.basic()

The username and password parameters to `Credentials.basic()` are now non-null strings. In OkHttp
3.x, null would yield a username or password of "null".

			xhttp.AmzServerSideEncryptionCustomerKeyMD5:    []string{"7PpPLAK26ONlVUGOWlusfg=="},
		},
		copySource:     false,
		metadata:       nil,
		encryptionType: encrypt.SSEC,
		err:            nil,
	}, // 0
	{
		headers: http.Header{
			xhttp.AmzServerSideEncryptionCustomerAlgorithm: []string{"AES256"},

		m[xhttp.AmzServerSideEncryptionKmsID] = kmsKeyIDFromMetadata(metadata)
		if kmsCtx, ok := metadata[crypto.MetaContext]; ok {
			m[xhttp.AmzServerSideEncryptionKmsContext] = kmsCtx
		}
	case crypto.SSEC:
		m[xhttp.AmzServerSideEncryptionCustomerAlgorithm] = xhttp.AmzEncryptionAES
	}

	var toRemove []string
	for k := range cleanMinioInternalMetadataKeys(m) {
		if stringsHasPrefixFold(k, ReservedMetadataPrefixLower) {

// can be triggered on the resultant object.
type ObjectOpts struct {
	Name           string
	UserTags       string
	VersionID      string
	DeleteMarker   bool
	SSEC           bool
	OpType         Type
	Replica        bool
	ExistingObject bool
	TargetArn      string
}

// HasExistingObjectReplication returns true if any of the rule returns 'ExistingObjects' replication.

	// current cluster does not have the object yet. This is in a site/bucket replication scenario.
	MinIOTaggingProxied = "X-Minio-Tagging-Proxied"
	// Header indicates the actual replicated object size
	// In case of SSEC objects getting replicated (multipart) actual size would be needed at target
	MinIOReplicationActualObjectSize = "X-Minio-Replication-Actual-Object-Size"

	// predicted date/time of transition

			z.UserTags, bts, err = msgp.ReadStringBytes(bts)
			if err != nil {
				err = msgp.WrapError(err, "UserTags")
				return
			}
		case "SSEC":
			z.SSEC, bts, err = msgp.ReadBoolBytes(bts)
			if err != nil {
				err = msgp.WrapError(err, "SSEC")
				return
			}
		case "ReplicationStatus":
			bts, err = z.ReplicationStatus.UnmarshalMsg(bts)
			if err != nil {

MinIO supports two different types of server-side encryption ([SSE](#sse)):

- **SSE-C**: The MinIO server en/decrypts an object with a secret key provided by the S3 client as part of the HTTP request headers. Therefore, [SSE-C](#ssec) requires TLS/HTTPS.
- **SSE-S3**: The MinIO server en/decrypts an object with a secret key managed by a KMS. Therefore, MinIO requires a valid KMS configuration for [SSE-S3](#sses3).

### Server-Side Encryption - Preliminaries

	echo "BUG: KeyId: '${rep_obj3_keyid}' of replicated object: 'minio2/test-bucket/custpartsize' doesn't match with source value: '${src_obj3_keyid}'"
	exit_1
fi

# Check the etag, size and md5 of replicated SSEC object
if [ "${rep_obj4_etag}" != "${src_obj4_etag}" ]; then
	echo "BUG: Etag: '${rep_obj4_etag}' of replicated object: 'minio2/test-bucket/mpartobj' doesn't match with source value: '${src_obj4_etag}'"
	exit_1
fi

	VersionID                  string
	ETag                       string
	Size                       int64
	ActualSize                 int64
	ModTime                    time.Time
	UserTags                   string
	SSEC                       bool
	ReplicationStatus          replication.StatusType
	ReplicationStatusInternal  string
	VersionPurgeStatusInternal string
	VersionPurgeStatus         VersionPurgeStatusType