Java Code Examples for org.apache.hadoop.security.Credentials#addSecretKey()

The following examples show how to use org.apache.hadoop.security.Credentials#addSecretKey(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: TestJob.java    From big-c with Apache License 2.0 6 votes vote down vote up
/**
 * Checks that a token and a secret key attached to the login user are
 * visible through the credentials of a newly created {@code Job}.
 *
 * <p>Both checks use {@code assertSame}, so the test expects the very same
 * token object and the very same {@code byte[]} instance to come back: on
 * this path the secret is held by reference, not as a copy.
 */
@Test
public void testUGICredentialsPropogation() throws Exception {
  final Text tokenAlias = new Text("service");
  final Text secretAlias = new Text("secret");
  final Token<?> mockToken = mock(Token.class);
  final byte[] emptySecret = new byte[0];

  final Credentials loginCreds = new Credentials();
  loginCreds.addToken(tokenAlias, mockToken);
  loginCreds.addSecretKey(secretAlias, emptySecret);
  // Attaches the credentials to the login user; nothing in this method
  // removes them again.
  UserGroupInformation.getLoginUser().addCredentials(loginCreds);

  final Job job = new Job(new JobConf());

  // Identity, not equality: a caller that later overwrites or zeroes its
  // array would also change what the job's credentials return.
  assertSame(mockToken, job.getCredentials().getToken(tokenAlias));
  assertSame(emptySecret, job.getCredentials().getSecretKey(secretAlias));
}
 
Example 2
Source File: TestJob.java    From hadoop with Apache License 2.0 6 votes vote down vote up
/**
 * Verifies that credentials added to the login user show up, by identity,
 * in the credentials of a {@code Job} built afterwards.
 *
 * <p>The {@code assertSame} on the secret pins that the caller's array
 * instance itself is returned, so no defensive copy is expected between
 * {@code addSecretKey} and {@code getSecretKey} on this path.
 */
@Test
public void testUGICredentialsPropogation() throws Exception {
  final Token<?> stubToken = mock(Token.class);
  final byte[] secretBytes = new byte[0];
  final Text serviceName = new Text("service");
  final Text secretKeyName = new Text("secret");

  final Credentials userCreds = new Credentials();
  userCreds.addToken(serviceName, stubToken);
  userCreds.addSecretKey(secretKeyName, secretBytes);
  // The login user keeps these credentials after the method returns; no
  // cleanup is visible here.
  UserGroupInformation.getLoginUser().addCredentials(userCreds);

  final JobConf emptyConf = new JobConf();
  final Job job = new Job(emptyConf);

  // Same object expected back: mutating secretBytes after this point would
  // be visible through the job's credentials as well.
  assertSame(stubToken, job.getCredentials().getToken(serviceName));
  assertSame(secretBytes, job.getCredentials().getSecretKey(secretKeyName));
}
 
Example 3
Source File: TestCredentials.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies the collision rule of {@code Credentials#mergeAll}: an alias that
 * already exists in the target keeps its token and secret, while aliases
 * only present in the argument are added.
 *
 * <p>This is the non-overwriting way to combine two credential sets; the
 * incoming value for a colliding alias is dropped.
 */
@Test
public void mergeAll() {
  // Target set holds aliases 0 and 1.
  final Credentials target = new Credentials();
  target.addToken(service[0], token[0]);
  target.addToken(service[1], token[1]);
  // NOTE(review): secret[] elements look like Text (they are used as aliases
  // and compared against new Text(...)). Text#getBytes() hands out the
  // backing array, which is only valid up to getLength() - confirm the
  // fixtures are never reused with shorter content.
  target.addSecretKey(secret[0], secret[0].getBytes());
  target.addSecretKey(secret[1], secret[1].getBytes());

  // Incoming set: alias 0 collides (carrying value 3), alias 2 is new.
  final Credentials incoming = new Credentials();
  incoming.addToken(service[0], token[3]);
  incoming.addToken(service[2], token[2]);
  incoming.addSecretKey(secret[0], secret[3].getBytes());
  incoming.addSecretKey(secret[2], secret[2].getBytes());

  target.mergeAll(incoming);

  assertEquals(3, target.numberOfTokens());
  assertEquals(3, target.numberOfSecretKeys());
  // Alias 0 kept its original value, alias 1 is untouched, alias 2 arrived
  // from the incoming set: every alias i maps to value i.
  for (int alias = 0; alias < 3; alias++) {
    assertEquals(token[alias], target.getToken(service[alias]));
    assertEquals(secret[alias], new Text(target.getSecretKey(secret[alias])));
  }
}
 
Example 4
Source File: TestCredentials.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that {@code Credentials#mergeAll} never replaces an entry the
 * receiver already has: colliding aliases keep the receiver's token and
 * secret, new aliases are taken from the argument.
 */
@Test
public void mergeAll() {
  final Credentials existing = new Credentials();
  final Credentials additions = new Credentials();

  // Receiver: aliases 0 and 1.
  existing.addToken(service[0], token[0]);
  existing.addToken(service[1], token[1]);
  // NOTE(review): assuming secret[] holds Text values, getBytes() returns
  // the backing buffer, which can be longer than getLength() - confirm.
  existing.addSecretKey(secret[0], secret[0].getBytes());
  existing.addSecretKey(secret[1], secret[1].getBytes());

  // Argument: alias 0 again but with value 3, plus a new alias 2.
  additions.addToken(service[0], token[3]);
  additions.addToken(service[2], token[2]);
  additions.addSecretKey(secret[0], secret[3].getBytes());
  additions.addSecretKey(secret[2], secret[2].getBytes());

  existing.mergeAll(additions);

  assertEquals(3, existing.numberOfTokens());
  assertEquals(3, existing.numberOfSecretKeys());
  // Expected value index per alias: the collision on alias 0 resolves to the
  // receiver's own value, so alias i still carries value i.
  for (int i = 0; i < 3; i++) {
    assertEquals(token[i], existing.getToken(service[i]));
    assertEquals(secret[i], new Text(existing.getSecretKey(secret[i])));
  }
}
 
Example 5
Source File: TestCredentials.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Checks the collision rule of {@code Credentials#addAll}: for an alias
 * present on both sides the argument's token and secret replace the
 * receiver's; other aliases are kept or added.
 *
 * <p>Unlike {@code mergeAll}, this variant lets the incoming set replace an
 * existing secret, which matters when the incoming credentials come from a
 * source that should not be able to override what is already held.
 */
@Test
public void addAll() {
  // Receiver: aliases 0 and 1.
  final Credentials target = new Credentials();
  target.addToken(service[0], token[0]);
  target.addToken(service[1], token[1]);
  // NOTE(review): secret[] elements appear to be Text; Text#getBytes()
  // exposes the backing array, valid only up to getLength() - confirm.
  target.addSecretKey(secret[0], secret[0].getBytes());
  target.addSecretKey(secret[1], secret[1].getBytes());

  // Argument: alias 0 collides (value 3), alias 2 is new.
  final Credentials incoming = new Credentials();
  incoming.addToken(service[0], token[3]);
  incoming.addToken(service[2], token[2]);
  incoming.addSecretKey(secret[0], secret[3].getBytes());
  incoming.addSecretKey(secret[2], secret[2].getBytes());

  target.addAll(incoming);

  assertEquals(3, target.numberOfTokens());
  assertEquals(3, target.numberOfSecretKeys());
  // expectedValue[i] is the value index alias i must carry afterwards:
  // alias 0 was overwritten with value 3, aliases 1 and 2 hold their own.
  final int[] expectedValue = {3, 1, 2};
  for (int alias = 0; alias < expectedValue.length; alias++) {
    final int value = expectedValue[alias];
    assertEquals(token[value], target.getToken(service[alias]));
    assertEquals(secret[value], new Text(target.getSecretKey(secret[alias])));
  }
}
 
Example 6
Source File: RMStateStore.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a {@link Credentials} object for an application attempt, carrying
 * the attempt's client-token master key when it has one.
 *
 * <p>The key is stored as its raw encoded bytes under
 * {@code AM_CLIENT_TOKEN_MASTER_KEY_NAME}. NOTE(review): given the enclosing
 * file is a state store, the result is presumably persisted; whatever holds
 * it then holds usable key material and needs matching access control -
 * confirm against the callers.
 *
 * @param appAttempt attempt whose client-token master key is read
 * @return a new credentials object, empty when the attempt has no master key
 */
public Credentials getCredentialsFromAppAttempt(RMAppAttempt appAttempt) {
  final Credentials attemptCredentials = new Credentials();
  final SecretKey masterKey = appAttempt.getClientTokenMasterKey();

  if (masterKey == null) {
    return attemptCredentials;
  }

  final byte[] encodedKey = masterKey.getEncoded();
  attemptCredentials.addSecretKey(AM_CLIENT_TOKEN_MASTER_KEY_NAME, encodedKey);
  return attemptCredentials;
}
 
Example 7
Source File: OzoneKMSUtil.java    From hadoop-ozone with Apache License 2.0 5 votes vote down vote up
/**
 * Resolves the key provider (KMS) URI for a namespace.
 *
 * <p>Lookup order: a value stored in the user's credentials under the
 * namespace's map key; otherwise the client configuration when
 * {@code kmsUriSrv} is {@code null}; otherwise {@code kmsUriSrv} itself when
 * it is non-empty. A resolved URI is written back into the credentials
 * object under the namespace's map key.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>A value already stored in the credentials wins over both the client
 *       configuration and the server-supplied string, so whoever can write
 *       that secret-key entry decides which KMS the client talks to.</li>
 *   <li>{@code URI.create} throws the unchecked
 *       {@code IllegalArgumentException} on a malformed string; that applies
 *       to the stored bytes and to {@code kmsUriSrv}, and is not covered by
 *       the declared {@code IOException}.</li>
 *   <li>NOTE(review): the write-back targets the object returned by
 *       {@code ugi.getCredentials()}; if that call returns a copy, the UGI
 *       itself is not updated - confirm.</li>
 * </ul>
 *
 * @param ugi user whose credentials are consulted and updated
 * @param namespaceUri namespace the provider belongs to; may be {@code null},
 *     in which case credentials are neither read nor written
 * @param kmsUriSrv provider URI reported by the server; {@code null} selects
 *     the client configuration, an empty string yields no URI
 * @param conf client configuration source
 * @return the resolved URI, or {@code null} when none is available
 * @throws IOException declared by the signature; no statement in this body
 *     throws it directly
 */
public static URI getKeyProviderUri(UserGroupInformation ugi,
    URI namespaceUri, String kmsUriSrv, ConfigurationSource conf)
    throws IOException {
  final Credentials userCredentials = ugi.getCredentials();

  // 1) Value previously stored in the credentials, keyed by namespace.
  Text mapKey = null;
  URI resolved = null;
  if (namespaceUri != null) {
    mapKey = getKeyProviderMapKey(namespaceUri);
    final byte[] storedUri = userCredentials.getSecretKey(mapKey);
    if (storedUri != null) {
      resolved = URI.create(bytes2String(storedUri));
    }
  }

  // 2) Client configuration, or 3) the server-supplied string.
  if (resolved == null && kmsUriSrv == null) {
    final Configuration hadoopConfig =
        LegacyHadoopConfigurationSource.asHadoopConfiguration(conf);
    resolved = KMSUtil.getKeyProviderUri(hadoopConfig, keyProviderUriKeyName);
  } else if (resolved == null && !kmsUriSrv.isEmpty()) {
    resolved = URI.create(kmsUriSrv);
  }

  // Nothing to store without both a URI and a map key.
  if (resolved == null || mapKey == null) {
    return resolved;
  }

  // Store the result (also when it was just read from the credentials).
  userCredentials.addSecretKey(
      mapKey, StringUtils.string2Bytes(resolved.toString()));
  return resolved;
}
 
Example 8
Source File: TestCredentials.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies that {@code Credentials#addAll} overwrites on alias collision:
 * the argument's token and secret win for an alias both sides define, and
 * all remaining aliases from either side are present afterwards.
 *
 * <p>Contrast with {@code mergeAll}, which keeps the receiver's entry; pick
 * between the two based on whether the incoming set may replace a secret
 * that is already held.
 */
@Test
public void addAll() {
  final Credentials existing = new Credentials();
  final Credentials additions = new Credentials();

  // Receiver: aliases 0 and 1.
  existing.addToken(service[0], token[0]);
  existing.addToken(service[1], token[1]);
  // NOTE(review): assuming secret[] holds Text values, getBytes() returns
  // the backing buffer, which can be longer than getLength() - confirm.
  existing.addSecretKey(secret[0], secret[0].getBytes());
  existing.addSecretKey(secret[1], secret[1].getBytes());

  // Argument: alias 0 again but with value 3, plus a new alias 2.
  additions.addToken(service[0], token[3]);
  additions.addToken(service[2], token[2]);
  additions.addSecretKey(secret[0], secret[3].getBytes());
  additions.addSecretKey(secret[2], secret[2].getBytes());

  existing.addAll(additions);

  assertEquals(3, existing.numberOfTokens());
  assertEquals(3, existing.numberOfSecretKeys());
  // Value index each alias must hold now: 0 -> 3 (overwritten), 1 -> 1
  // (untouched), 2 -> 2 (newly added).
  final int[] winner = {3, 1, 2};
  for (int i = 0; i < winner.length; i++) {
    assertEquals(token[winner[i]], existing.getToken(service[i]));
    assertEquals(secret[winner[i]],
        new Text(existing.getSecretKey(secret[i])));
  }
}
 
Example 9
Source File: RMStateStore.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Returns credentials for the given application attempt containing its
 * client-token master key, if the attempt has one.
 *
 * <p>The master key is added in encoded (raw byte) form under
 * {@code AM_CLIENT_TOKEN_MASTER_KEY_NAME}. NOTE(review): the enclosing file
 * is a state store, so this object is presumably written out with the
 * attempt's state; the store then contains the key itself and should be
 * readable only by the resource manager - confirm against the callers.
 *
 * @param appAttempt attempt to read the client-token master key from
 * @return new credentials; no secret key is set when the attempt returns
 *     {@code null} for its master key
 */
public Credentials getCredentialsFromAppAttempt(RMAppAttempt appAttempt) {
  final SecretKey clientKey = appAttempt.getClientTokenMasterKey();
  final Credentials result = new Credentials();

  if (clientKey == null) {
    return result;
  }

  result.addSecretKey(AM_CLIENT_TOKEN_MASTER_KEY_NAME, clientKey.getEncoded());
  return result;
}
 
Example 10
Source File: TokenCache.java    From hadoop with Apache License 2.0 4 votes vote down vote up
/**
 * Stores {@code key} in {@code credentials} under the {@code ENC_SPILL_KEY}
 * alias.
 *
 * <p>The array is handed to {@code Credentials#addSecretKey} as is; this
 * method makes no copy and does no validation (a {@code null} key or
 * {@code null} credentials is not checked here).
 * NOTE(review): if {@code addSecretKey} keeps the reference, the caller
 * must not reuse or clear the array while the credentials are live - confirm.
 *
 * @param key raw key bytes to store
 * @param credentials credentials object that receives the key
 */
@InterfaceAudience.Private
public static void setEncryptedSpillKey(byte[] key, Credentials credentials) {
  credentials.addSecretKey(ENC_SPILL_KEY, key);
}
 
Example 11
Source File: TokenCache.java    From hadoop with Apache License 2.0 4 votes vote down vote up
/**
 * Stores {@code key} in {@code credentials} under the {@code SHUFFLE_TOKEN}
 * alias.
 *
 * <p>The array is handed to {@code Credentials#addSecretKey} as is; this
 * method makes no copy and does no validation (a {@code null} key or
 * {@code null} credentials is not checked here).
 * NOTE(review): if {@code addSecretKey} keeps the reference, the caller
 * must not reuse or clear the array while the credentials are live - confirm.
 *
 * @param key raw key bytes to store
 * @param credentials credentials object that receives the key
 */
@InterfaceAudience.Private
public static void setShuffleSecretKey(byte[] key, Credentials credentials) {
  credentials.addSecretKey(SHUFFLE_TOKEN, key);
}
 
Example 12
Source File: TestTaskAttemptContainerRequest.java    From big-c with Apache License 2.0 4 votes vote down vote up
/**
 * Checks that the ACLs, the tokens and the secret key given to a map task
 * attempt come back out of the container launch context built for it.
 *
 * <p>The secret key is recovered from the buffer returned by
 * {@code launchCtx.getTokens()}, i.e. the key bytes travel in the same
 * serialized blob as the tokens. The launch context therefore has to be
 * protected like the key itself.
 */
@Test
public void testAttemptContainerRequest() throws Exception {
  final Text SECRET_KEY_ALIAS = new Text("secretkeyalias");
  // getBytes() without a charset uses the platform default; harmless here
  // because the same array is used for both storing and comparing.
  final byte[] SECRET_KEY = ("secretkey").getBytes();
  Map<ApplicationAccessType, String> acls =
      new HashMap<ApplicationAccessType, String>(1);
  acls.put(ApplicationAccessType.VIEW_APP, "otheruser");
  ApplicationId appId = ApplicationId.newInstance(1, 1);
  JobId jobId = MRBuilderUtils.newJobId(appId, 1);
  TaskId taskId = MRBuilderUtils.newTaskId(jobId, 1, TaskType.MAP);
  Path jobFile = mock(Path.class);

  EventHandler eventHandler = mock(EventHandler.class);
  TaskAttemptListener taListener = mock(TaskAttemptListener.class);
  when(taListener.getAddress()).thenReturn(new InetSocketAddress("localhost", 0));

  // Map "fs.file.impl" to StubbedFS and turn the file system cache off for
  // it; the map task environment is set to the empty string.
  JobConf jobConf = new JobConf();
  jobConf.setClass("fs.file.impl", StubbedFS.class, FileSystem.class);
  jobConf.setBoolean("fs.file.impl.disable.cache", true);
  jobConf.set(JobConf.MAPRED_MAP_TASK_ENV, "");

  // setup UGI for security so tokens and keys are preserved
  // NOTE(review): setConfiguration is a static call and nothing in this
  // method restores the previous setting - presumably it leaks into tests
  // that run later in the same JVM; confirm.
  jobConf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
  UserGroupInformation.setConfiguration(jobConf);

  // The credentials carry only the secret key; the job token is passed to
  // the task attempt separately and is never added to them.
  Credentials credentials = new Credentials();
  credentials.addSecretKey(SECRET_KEY_ALIAS, SECRET_KEY);
  Token<JobTokenIdentifier> jobToken = new Token<JobTokenIdentifier>(
      ("tokenid").getBytes(), ("tokenpw").getBytes(),
      new Text("tokenkind"), new Text("tokenservice"));

  TaskAttemptImpl taImpl =
      new MapTaskAttemptImpl(taskId, 1, eventHandler, jobFile, 1,
          mock(TaskSplitMetaInfo.class), jobConf, taListener,
          jobToken, credentials,
          new SystemClock(), null);

  jobConf.set(MRJobConfig.APPLICATION_ATTEMPT_ID, taImpl.getID().toString());

  ContainerLaunchContext launchCtx =
      TaskAttemptImpl.createContainerLaunchContext(acls,
          jobConf, jobToken, taImpl.createRemoteTask(),
          TypeConverter.fromYarn(jobId),
          mock(WrappedJvmID.class), taListener,
          credentials);

  Assert.assertEquals("ACLs mismatch", acls, launchCtx.getApplicationACLs());
  Credentials launchCredentials = new Credentials();

  // Deserialize whatever the launch context carries in its token buffer
  // into a fresh Credentials object.
  DataInputByteBuffer dibb = new DataInputByteBuffer();
  dibb.reset(launchCtx.getTokens());
  launchCredentials.readTokenStorageStream(dibb);

  // verify all tokens specified for the task attempt are in the launch context
  for (Token<? extends TokenIdentifier> token : credentials.getAllTokens()) {
    Token<? extends TokenIdentifier> launchToken =
        launchCredentials.getToken(token.getService());
    Assert.assertNotNull("Token " + token.getService() + " is missing",
        launchToken);
    Assert.assertEquals("Token " + token.getService() + " mismatch",
        token, launchToken);
  }

  // verify the secret key is in the launch context
  // Compared by content (Arrays.equals): after the serialization round trip
  // the key is a different array with the same bytes.
  Assert.assertNotNull("Secret key missing",
      launchCredentials.getSecretKey(SECRET_KEY_ALIAS));
  Assert.assertTrue("Secret key mismatch", Arrays.equals(SECRET_KEY,
      launchCredentials.getSecretKey(SECRET_KEY_ALIAS)));
}
 
Example 13
Source File: TestMRAppMaster.java    From big-c with Apache License 2.0 4 votes vote down vote up
/**
 * Round-trips credentials through a token storage file into an MRAppMaster
 * and checks which of them surface in three places: the app master's own
 * credentials, the job configuration, and the app master's UGI.
 *
 * <p>Expected outcome per the assertions: the user token and the secret key
 * appear everywhere, while the AMRM (app) token appears only in the UGI.
 */
@Test
public void testMRAppMasterCredentials() throws Exception {

  // Raises the root logger to DEBUG; the previous level is not restored in
  // this method.
  Logger rootLogger = LogManager.getRootLogger();
  rootLogger.setLevel(Level.DEBUG);

  // Simulate credentials passed to AM via client->RM->NM
  Credentials credentials = new Credentials();
  // getBytes() without a charset uses the platform default throughout this
  // test; the values are decoded the same way below, so it is symmetric.
  byte[] identifier = "MyIdentifier".getBytes();
  byte[] password = "MyPassword".getBytes();
  Text kind = new Text("MyTokenKind");
  Text service = new Text("host:port");
  Token<? extends TokenIdentifier> myToken =
      new Token<TokenIdentifier>(identifier, password, kind, service);
  Text tokenAlias = new Text("myToken");
  credentials.addToken(tokenAlias, myToken);

  // Second token, of the AMRM kind, reusing the same identifier/password.
  Text appTokenService = new Text("localhost:0");
  Token<AMRMTokenIdentifier> appToken =
      new Token<AMRMTokenIdentifier>(identifier, password,
          AMRMTokenIdentifier.KIND_NAME, appTokenService);
  credentials.addToken(appTokenService, appToken);
  
  Text keyAlias = new Text("mySecretKeyAlias");
  credentials.addSecretKey(keyAlias, "mySecretKey".getBytes());
  Token<? extends TokenIdentifier> storedToken =
      credentials.getToken(tokenAlias);

  JobConf conf = new JobConf();

  // Point HADOOP_TOKEN_FILE_LOCATION at <testDir>/tokens-file and write the
  // credentials there.
  // NOTE(review): the file holds the secret key bytes as well as the tokens
  // (the key is read back from it below), so outside a test it needs
  // owner-only permissions - confirm what writeTokenStorageFile sets.
  Path tokenFilePath = new Path(testDir.getAbsolutePath(), "tokens-file");
  Map<String, String> newEnv = new HashMap<String, String>();
  newEnv.put(UserGroupInformation.HADOOP_TOKEN_FILE_LOCATION, tokenFilePath
    .toUri().getPath());
  setNewEnvironmentHack(newEnv);
  credentials.writeTokenStorageFile(tokenFilePath, conf);

  ApplicationId appId = ApplicationId.newInstance(12345, 56);
  ApplicationAttemptId applicationAttemptId =
      ApplicationAttemptId.newInstance(appId, 1);
  ContainerId containerId =
      ContainerId.newContainerId(applicationAttemptId, 546);
  String userName = UserGroupInformation.getCurrentUser().getShortUserName();

  // Create staging dir, so MRAppMaster doesn't barf.
  // The boolean result of mkdirs() is ignored.
  File stagingDir =
      new File(MRApps.getStagingAreaDir(conf, userName).toString());
  stagingDir.mkdirs();

  // Set login-user to null as that is how a real-world MRApp starts.
  // The login user being null is why the token file is read by UGI.
  UserGroupInformation.setLoginUser(null);

  MRAppMasterTest appMaster =
      new MRAppMasterTest(applicationAttemptId, containerId, "host", -1, -1,
        System.currentTimeMillis(), false, true);
  MRAppMaster.initAndStartAppMaster(appMaster, conf, userName);

  // Now validate the task credentials
  Credentials appMasterCreds = appMaster.getCredentials();
  Assert.assertNotNull(appMasterCreds);
  Assert.assertEquals(1, appMasterCreds.numberOfSecretKeys());
  Assert.assertEquals(1, appMasterCreds.numberOfTokens());

  // Validate the tokens - app token should not be present
  Token<? extends TokenIdentifier> usedToken =
      appMasterCreds.getToken(tokenAlias);
  Assert.assertNotNull(usedToken);
  Assert.assertEquals(storedToken, usedToken);

  // Validate the keys
  byte[] usedKey = appMasterCreds.getSecretKey(keyAlias);
  Assert.assertNotNull(usedKey);
  Assert.assertEquals("mySecretKey", new String(usedKey));

  // The credentials should also be added to conf so that OutputCommitter can
  // access it - app token should not be present
  Credentials confCredentials = conf.getCredentials();
  Assert.assertEquals(1, confCredentials.numberOfSecretKeys());
  Assert.assertEquals(1, confCredentials.numberOfTokens());
  Assert.assertEquals(storedToken, confCredentials.getToken(tokenAlias));
  Assert.assertEquals("mySecretKey",
    new String(confCredentials.getSecretKey(keyAlias)));
  
  // Verify the AM's ugi - app token should be present
  // Two tokens here versus one above: the UGI is the only place where the
  // AMRM token is expected next to the user token.
  Credentials ugiCredentials = appMaster.getUgi().getCredentials();
  Assert.assertEquals(1, ugiCredentials.numberOfSecretKeys());
  Assert.assertEquals(2, ugiCredentials.numberOfTokens());
  Assert.assertEquals(storedToken, ugiCredentials.getToken(tokenAlias));
  Assert.assertEquals(appToken, ugiCredentials.getToken(appTokenService));
  Assert.assertEquals("mySecretKey",
    new String(ugiCredentials.getSecretKey(keyAlias)));


}
 
Example 14
Source File: TokenCache.java    From big-c with Apache License 2.0 4 votes vote down vote up
/**
 * Puts the shuffle secret into {@code credentials} under the
 * {@code SHUFFLE_TOKEN} alias.
 *
 * <p>No copy or check is made in this method: the array goes straight to
 * {@code Credentials#addSecretKey}, and {@code null} arguments are not
 * rejected here.
 * NOTE(review): if {@code addSecretKey} stores the reference, later changes
 * to the caller's array change the stored secret too - confirm.
 *
 * @param key raw secret bytes
 * @param credentials credentials object to add the secret to
 */
@InterfaceAudience.Private
public static void setShuffleSecretKey(byte[] key, Credentials credentials) {
  credentials.addSecretKey(SHUFFLE_TOKEN, key);
}
 
Example 15
Source File: TokenCache.java    From big-c with Apache License 2.0 4 votes vote down vote up
/**
 * Puts the spill encryption key into {@code credentials} under the
 * {@code ENC_SPILL_KEY} alias.
 *
 * <p>No copy or check is made in this method: the array goes straight to
 * {@code Credentials#addSecretKey}, and {@code null} arguments are not
 * rejected here.
 * NOTE(review): if {@code addSecretKey} stores the reference, later changes
 * to the caller's array change the stored key too - confirm.
 *
 * @param key raw key bytes
 * @param credentials credentials object to add the key to
 */
@InterfaceAudience.Private
public static void setEncryptedSpillKey(byte[] key, Credentials credentials) {
  credentials.addSecretKey(ENC_SPILL_KEY, key);
}
 
Example 16
Source File: TestMRAppMaster.java    From hadoop with Apache License 2.0 4 votes vote down vote up
/**
 * Writes a set of credentials to a token storage file, starts an MRAppMaster
 * that picks the file up, and checks where each credential ends up.
 *
 * <p>Per the assertions, the user token and the secret key are expected in
 * the app master's credentials, in the job configuration and in the app
 * master's UGI; the AMRM (app) token is expected in the UGI only.
 */
@Test
public void testMRAppMasterCredentials() throws Exception {

  // Root logger goes to DEBUG and is not reset by this method.
  Logger rootLogger = LogManager.getRootLogger();
  rootLogger.setLevel(Level.DEBUG);

  // Simulate credentials passed to AM via client->RM->NM
  Credentials credentials = new Credentials();
  // Platform-default charset for every getBytes()/new String(...) pair in
  // this test; encoding and decoding match, so the comparison is stable.
  byte[] identifier = "MyIdentifier".getBytes();
  byte[] password = "MyPassword".getBytes();
  Text kind = new Text("MyTokenKind");
  Text service = new Text("host:port");
  Token<? extends TokenIdentifier> myToken =
      new Token<TokenIdentifier>(identifier, password, kind, service);
  Text tokenAlias = new Text("myToken");
  credentials.addToken(tokenAlias, myToken);

  // An AMRM-kind token built from the same identifier and password bytes.
  Text appTokenService = new Text("localhost:0");
  Token<AMRMTokenIdentifier> appToken =
      new Token<AMRMTokenIdentifier>(identifier, password,
          AMRMTokenIdentifier.KIND_NAME, appTokenService);
  credentials.addToken(appTokenService, appToken);
  
  Text keyAlias = new Text("mySecretKeyAlias");
  credentials.addSecretKey(keyAlias, "mySecretKey".getBytes());
  Token<? extends TokenIdentifier> storedToken =
      credentials.getToken(tokenAlias);

  JobConf conf = new JobConf();

  // The environment variable HADOOP_TOKEN_FILE_LOCATION is set to
  // <testDir>/tokens-file, then the credentials are written to that path.
  // NOTE(review): tokens and the secret key sit together in this file, so a
  // reader of the file gets both; in real deployments it must be readable
  // by the owning user only - confirm what writeTokenStorageFile sets.
  Path tokenFilePath = new Path(testDir.getAbsolutePath(), "tokens-file");
  Map<String, String> newEnv = new HashMap<String, String>();
  newEnv.put(UserGroupInformation.HADOOP_TOKEN_FILE_LOCATION, tokenFilePath
    .toUri().getPath());
  setNewEnvironmentHack(newEnv);
  credentials.writeTokenStorageFile(tokenFilePath, conf);

  ApplicationId appId = ApplicationId.newInstance(12345, 56);
  ApplicationAttemptId applicationAttemptId =
      ApplicationAttemptId.newInstance(appId, 1);
  ContainerId containerId =
      ContainerId.newContainerId(applicationAttemptId, 546);
  String userName = UserGroupInformation.getCurrentUser().getShortUserName();

  // Create staging dir, so MRAppMaster doesn't barf.
  // mkdirs() may return false; the result is not checked.
  File stagingDir =
      new File(MRApps.getStagingAreaDir(conf, userName).toString());
  stagingDir.mkdirs();

  // Set login-user to null as that is how a real-world MRApp starts.
  // With no login user set, UGI reads the token file.
  UserGroupInformation.setLoginUser(null);

  MRAppMasterTest appMaster =
      new MRAppMasterTest(applicationAttemptId, containerId, "host", -1, -1,
        System.currentTimeMillis(), false, true);
  MRAppMaster.initAndStartAppMaster(appMaster, conf, userName);

  // Now validate the task credentials
  Credentials appMasterCreds = appMaster.getCredentials();
  Assert.assertNotNull(appMasterCreds);
  Assert.assertEquals(1, appMasterCreds.numberOfSecretKeys());
  Assert.assertEquals(1, appMasterCreds.numberOfTokens());

  // Validate the tokens - app token should not be present
  Token<? extends TokenIdentifier> usedToken =
      appMasterCreds.getToken(tokenAlias);
  Assert.assertNotNull(usedToken);
  Assert.assertEquals(storedToken, usedToken);

  // Validate the keys
  byte[] usedKey = appMasterCreds.getSecretKey(keyAlias);
  Assert.assertNotNull(usedKey);
  Assert.assertEquals("mySecretKey", new String(usedKey));

  // The credentials should also be added to conf so that OutputCommitter can
  // access it - app token should not be present
  Credentials confCredentials = conf.getCredentials();
  Assert.assertEquals(1, confCredentials.numberOfSecretKeys());
  Assert.assertEquals(1, confCredentials.numberOfTokens());
  Assert.assertEquals(storedToken, confCredentials.getToken(tokenAlias));
  Assert.assertEquals("mySecretKey",
    new String(confCredentials.getSecretKey(keyAlias)));
  
  // Verify the AM's ugi - app token should be present
  // The token count is 2 here and 1 in the two checks above: only the UGI
  // is expected to hold the AMRM token.
  Credentials ugiCredentials = appMaster.getUgi().getCredentials();
  Assert.assertEquals(1, ugiCredentials.numberOfSecretKeys());
  Assert.assertEquals(2, ugiCredentials.numberOfTokens());
  Assert.assertEquals(storedToken, ugiCredentials.getToken(tokenAlias));
  Assert.assertEquals(appToken, ugiCredentials.getToken(appTokenService));
  Assert.assertEquals("mySecretKey",
    new String(ugiCredentials.getSecretKey(keyAlias)));


}
 
Example 17
Source File: TestTaskAttemptContainerRequest.java    From hadoop with Apache License 2.0 4 votes vote down vote up
/**
 * Verifies that the container launch context created for a map task attempt
 * carries the application ACLs, every token in the attempt's credentials,
 * and the attempt's secret key.
 *
 * <p>The secret key is read back out of {@code launchCtx.getTokens()}, so it
 * is serialized into the same buffer as the tokens; access to the launch
 * context is access to the key.
 */
@Test
public void testAttemptContainerRequest() throws Exception {
  final Text SECRET_KEY_ALIAS = new Text("secretkeyalias");
  // Platform-default charset; fine here because the resulting array is the
  // reference value for the comparison at the end.
  final byte[] SECRET_KEY = ("secretkey").getBytes();
  Map<ApplicationAccessType, String> acls =
      new HashMap<ApplicationAccessType, String>(1);
  acls.put(ApplicationAccessType.VIEW_APP, "otheruser");
  ApplicationId appId = ApplicationId.newInstance(1, 1);
  JobId jobId = MRBuilderUtils.newJobId(appId, 1);
  TaskId taskId = MRBuilderUtils.newTaskId(jobId, 1, TaskType.MAP);
  Path jobFile = mock(Path.class);

  EventHandler eventHandler = mock(EventHandler.class);
  TaskAttemptListener taListener = mock(TaskAttemptListener.class);
  when(taListener.getAddress()).thenReturn(new InetSocketAddress("localhost", 0));

  // "fs.file.impl" is bound to StubbedFS with its cache disabled, and the
  // map task environment is left empty.
  JobConf jobConf = new JobConf();
  jobConf.setClass("fs.file.impl", StubbedFS.class, FileSystem.class);
  jobConf.setBoolean("fs.file.impl.disable.cache", true);
  jobConf.set(JobConf.MAPRED_MAP_TASK_ENV, "");

  // setup UGI for security so tokens and keys are preserved
  // NOTE(review): the static setConfiguration call is not undone in this
  // method, so the "kerberos" setting presumably stays in effect for later
  // tests in the same JVM - confirm.
  jobConf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
  UserGroupInformation.setConfiguration(jobConf);

  // Only the secret key goes into the credentials; the job token is handed
  // to the attempt as a separate argument.
  Credentials credentials = new Credentials();
  credentials.addSecretKey(SECRET_KEY_ALIAS, SECRET_KEY);
  Token<JobTokenIdentifier> jobToken = new Token<JobTokenIdentifier>(
      ("tokenid").getBytes(), ("tokenpw").getBytes(),
      new Text("tokenkind"), new Text("tokenservice"));

  TaskAttemptImpl taImpl =
      new MapTaskAttemptImpl(taskId, 1, eventHandler, jobFile, 1,
          mock(TaskSplitMetaInfo.class), jobConf, taListener,
          jobToken, credentials,
          new SystemClock(), null);

  jobConf.set(MRJobConfig.APPLICATION_ATTEMPT_ID, taImpl.getID().toString());

  ContainerLaunchContext launchCtx =
      TaskAttemptImpl.createContainerLaunchContext(acls,
          jobConf, jobToken, taImpl.createRemoteTask(),
          TypeConverter.fromYarn(jobId),
          mock(WrappedJvmID.class), taListener,
          credentials);

  Assert.assertEquals("ACLs mismatch", acls, launchCtx.getApplicationACLs());
  Credentials launchCredentials = new Credentials();

  // Parse the launch context's token buffer into a separate Credentials
  // instance so it can be compared with what was passed in.
  DataInputByteBuffer dibb = new DataInputByteBuffer();
  dibb.reset(launchCtx.getTokens());
  launchCredentials.readTokenStorageStream(dibb);

  // verify all tokens specified for the task attempt are in the launch context
  for (Token<? extends TokenIdentifier> token : credentials.getAllTokens()) {
    Token<? extends TokenIdentifier> launchToken =
        launchCredentials.getToken(token.getService());
    Assert.assertNotNull("Token " + token.getService() + " is missing",
        launchToken);
    Assert.assertEquals("Token " + token.getService() + " mismatch",
        token, launchToken);
  }

  // verify the secret key is in the launch context
  // Content comparison via Arrays.equals: the deserialized key is a new
  // array, so identity would not hold.
  Assert.assertNotNull("Secret key missing",
      launchCredentials.getSecretKey(SECRET_KEY_ALIAS));
  Assert.assertTrue("Secret key mismatch", Arrays.equals(SECRET_KEY,
      launchCredentials.getSecretKey(SECRET_KEY_ALIAS)));
}