1 files changed, 38 insertions, 0 deletions

diff --git a/weed/s3api/s3err/s3api_errors.go b/weed/s3api/s3err/s3api_errors.go
index 6833a498a..78ba8d2da 100644
--- a/weed/s3api/s3err/s3api_errors.go
+++ b/weed/s3api/s3err/s3api_errors.go
@@ -123,6 +123,15 @@ const (
 	ErrSSECustomerKeyMD5Mismatch
 	ErrSSECustomerKeyMissing
 	ErrSSECustomerKeyNotNeeded
+
+	// SSE-KMS related errors
+	ErrKMSKeyNotFound
+	ErrKMSAccessDenied
+	ErrKMSDisabled
+	ErrKMSInvalidCiphertext
+
+	// Bucket encryption errors
+	ErrNoSuchBucketEncryptionConfiguration
 )
 
 // Error message constants for checksum validation
@@ -505,6 +514,35 @@ var errorCodeResponse = map[ErrorCode]APIError{
 		Description:    "The object was not encrypted with customer provided keys.",
 		HTTPStatusCode: http.StatusBadRequest,
 	},
+
+	// SSE-KMS error responses
+	ErrKMSKeyNotFound: {
+		Code:           "KMSKeyNotFoundException",
+		Description:    "The specified KMS key does not exist.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrKMSAccessDenied: {
+		Code:           "KMSAccessDeniedException",
+		Description:    "Access denied to the specified KMS key.",
+		HTTPStatusCode: http.StatusForbidden,
+	},
+	ErrKMSDisabled: {
+		Code:           "KMSKeyDisabledException",
+		Description:    "The specified KMS key is disabled.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrKMSInvalidCiphertext: {
+		Code:           "InvalidCiphertext",
+		Description:    "The provided ciphertext is invalid or corrupted.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+
+	// Bucket encryption error responses
+	ErrNoSuchBucketEncryptionConfiguration: {
+		Code:           "ServerSideEncryptionConfigurationNotFoundError",
+		Description:    "The server side encryption configuration was not found.",
+		HTTPStatusCode: http.StatusNotFound,
+	},
 }
 
 // GetAPIError provides API Error for input API error code.