You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by ha...@apache.org on 2015/04/08 13:06:29 UTC
directory-kerby git commit: DIRKRB-205 Adding the identity to
zookeeper backend. Contributed by Jiajia
Repository: directory-kerby
Updated Branches:
refs/heads/master 337e51acf -> 33ad2a64e
DIRKRB-205 Adding the identity to zookeeper backend. Contributed by Jiajia
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/33ad2a64
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/33ad2a64
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/33ad2a64
Branch: refs/heads/master
Commit: 33ad2a64edd2ad78df125f8d25d72b5d679e0de4
Parents: 337e51a
Author: Lin <li...@foxmail.com>
Authored: Wed Apr 8 19:05:54 2015 +0800
Committer: Lin <li...@foxmail.com>
Committed: Wed Apr 8 19:05:54 2015 +0800
----------------------------------------------------------------------
kerby-backend/zookeeper-backend/pom.xml | 7 +-
.../kdc/identitybackend/IdentityZNode.java | 117 ++++++++++++++++
.../identitybackend/IdentityZNodeHelper.java | 97 ++++++++++++++
.../kerberos/kdc/identitybackend/ZKConfKey.java | 2 +-
.../kerberos/kdc/identitybackend/ZKUtil.java | 133 +++++++++++++++++++
.../ZookeeperIdentityBackend.java | 27 +++-
6 files changed, 379 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/33ad2a64/kerby-backend/zookeeper-backend/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-backend/zookeeper-backend/pom.xml b/kerby-backend/zookeeper-backend/pom.xml
index a8b4d36..bfa490b 100644
--- a/kerby-backend/zookeeper-backend/pom.xml
+++ b/kerby-backend/zookeeper-backend/pom.xml
@@ -12,7 +12,7 @@
See the License for the specific language governing permissions and
limitations under the License. See accompanying LICENSE file.
-->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
@@ -51,6 +51,11 @@
<version>${project.version}</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.apache.kerby</groupId>
+ <artifactId>kerb-crypto</artifactId>
+ <version>${project.version}</version>
+ </dependency>
</dependencies>
<profiles>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/33ad2a64/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/IdentityZNode.java
----------------------------------------------------------------------
diff --git a/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/IdentityZNode.java b/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/IdentityZNode.java
new file mode 100644
index 0000000..a1d0325
--- /dev/null
+++ b/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/IdentityZNode.java
@@ -0,0 +1,117 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kdc.identitybackend;
+
+import org.apache.kerby.kerberos.kerb.crypto.util.BytesUtil;
+import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
+import org.apache.kerby.util.UTF8;
+import org.apache.zookeeper.KeeperException;
+import org.apache.zookeeper.ZooKeeper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.Iterator;
+import java.util.Map;
+
+public class IdentityZNode {
+ private static final Logger LOG = LoggerFactory.getLogger(IdentityZNode.class);
+ private ZooKeeper zk;
+ private String identityName;
+
+ public IdentityZNode(ZooKeeper zk, String identityName) {
+ this.zk = zk;
+ this.identityName = identityName;
+ }
+
+ public void setPrincipalName(String principal) throws KeeperException {
+ ZKUtil.createSetData(this.zk,
+ IdentityZNodeHelper.getPrincipalNameZnode(this.identityName),
+ UTF8.toBytes(principal));
+ }
+
+ public void setKeyVersion(int keyVersion) throws KeeperException {
+ ZKUtil.createSetData(this.zk,
+ IdentityZNodeHelper.getKeyVersionZNode(this.identityName),
+ BytesUtil.int2bytes(keyVersion, true));
+ }
+
+ public void setKdcFlags(int kdcFlags) throws KeeperException {
+ ZKUtil.createSetData(this.zk,
+ IdentityZNodeHelper.getKdcFlagsZNode(this.identityName),
+ BytesUtil.int2bytes(kdcFlags, true));
+ }
+
+ public void setDisabled(boolean disabled) throws KeeperException {
+ int value;
+ if (disabled) {
+ value = 1;
+ } else {
+ value = 0;
+ }
+ ZKUtil.createSetData(this.zk,
+ IdentityZNodeHelper.getDisabledZNode(this.identityName),
+ BytesUtil.int2bytes(value, true));
+ }
+
+ public void setLocked(boolean locked) throws KeeperException {
+ int value;
+ if (locked) {
+ value = 1;
+ } else {
+ value = 0;
+ }
+ ZKUtil.createSetData(this.zk,
+ IdentityZNodeHelper.getLockedZNode(this.identityName),
+ BytesUtil.int2bytes(value, true));
+ }
+
+ public void setExpireTime(KerberosTime time) throws KeeperException {
+ ZKUtil.createSetData(this.zk,
+ IdentityZNodeHelper.getExpireTimeZNode(this.identityName),
+ BytesUtil.long2bytes(time.getTime(), true));
+ }
+
+ public void setCreatedTime(KerberosTime time) throws KeeperException {
+ ZKUtil.createSetData(this.zk,
+ IdentityZNodeHelper.getCreatedTimeZNode(this.identityName),
+ BytesUtil.long2bytes(time.getTime(), true));
+ }
+
+ public void setKeys(Map<EncryptionType, EncryptionKey> keys) throws KeeperException {
+ if (ZKUtil.checkExists(this.zk, IdentityZNodeHelper.getKeysZNode(this.identityName)) == -1) {
+ ZKUtil.createWithParents(this.zk, IdentityZNodeHelper.getKeysZNode(this.identityName));
+ }
+ Iterator it = keys.entrySet().iterator();
+ while (it.hasNext()) {
+ Map.Entry pair = (Map.Entry) it.next();
+ EncryptionType key = (EncryptionType) pair.getKey();
+ ZKUtil.createWithParents(this.zk, IdentityZNodeHelper.getKeyTypeZNode(this.identityName, key.getName()));
+ EncryptionKey value = (EncryptionKey) pair.getValue();
+ ZKUtil.createSetData(this.zk, IdentityZNodeHelper.getEncryptionKeyTypeZNode(this.identityName, key.getName()),
+ UTF8.toBytes(value.getKeyType().getName()));
+ ZKUtil.createSetData(this.zk, IdentityZNodeHelper.getEncryptionKeyDataZNode(this.identityName, key.getName()),
+ value.getKeyData());
+ ZKUtil.createSetData(this.zk, IdentityZNodeHelper.getEncryptionKeyNoZNode(this.identityName, key.getName()),
+ BytesUtil.int2bytes(value.getKvno(), true));
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/33ad2a64/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/IdentityZNodeHelper.java
----------------------------------------------------------------------
diff --git a/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/IdentityZNodeHelper.java b/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/IdentityZNodeHelper.java
new file mode 100644
index 0000000..888f35a
--- /dev/null
+++ b/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/IdentityZNodeHelper.java
@@ -0,0 +1,97 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kdc.identitybackend;
+
+public class IdentityZNodeHelper {
+
+ private final static String IDENTITIES_ZNODE_NAME = "identities";
+ private final static String PRINCIPAL_NAME_ZNODE_NAME = "principalName";
+ private final static String KEY_VERSION_ZNODE_NAME = "keyVersion";
+ private final static String KDC_FLAGS_ZNODE_NAME = "kdcFlags";
+ private final static String DISABLED_ZNODE_NAME = "disabled";
+ private final static String LOCKED_ZNODE_NAME = "locked";
+ private final static String EXPIRE_TIME_ZNODE_NAME = "expireTime";
+ private final static String CREATED_TIME_ZNODE_NAME = "createdTime";
+ private final static String KEYS_ZNODE_NAME = "keys";
+ private final static String KEY_TYPE_ZNODE_NAME = "keyType";
+ private final static String KEY_DATA_ZNODE_NAME = "keyData";
+ private final static String ENCRYPTION_KEY_NO_ZNODE_NAME = "keyNo";
+ private static String baseZNode = "/kerby";
+
+ public static String getBaseZNode() {
+ return baseZNode;
+ }
+
+ public static String getIdentitiesZNode() {
+ return ZKUtil.joinZNode(getBaseZNode(), IDENTITIES_ZNODE_NAME);
+ }
+
+ public static String getIndentityZNode(String principalName) {
+ return ZKUtil.joinZNode(getIdentitiesZNode(), principalName);
+ }
+
+ public static String getPrincipalNameZnode(String principalName) {
+ return ZKUtil.joinZNode(getIndentityZNode(principalName), PRINCIPAL_NAME_ZNODE_NAME);
+ }
+
+ public static String getKeyVersionZNode(String principalName) {
+ return ZKUtil.joinZNode(getIndentityZNode(principalName), KEY_VERSION_ZNODE_NAME);
+ }
+
+ public static String getKdcFlagsZNode(String principalName) {
+ return ZKUtil.joinZNode(getIndentityZNode(principalName), KDC_FLAGS_ZNODE_NAME);
+ }
+
+ public static String getDisabledZNode(String principalName) {
+ return ZKUtil.joinZNode(getIndentityZNode(principalName), DISABLED_ZNODE_NAME);
+ }
+
+ public static String getLockedZNode(String principalName) {
+ return ZKUtil.joinZNode(getIndentityZNode(principalName), LOCKED_ZNODE_NAME);
+ }
+
+ public static String getExpireTimeZNode(String principalName) {
+ return ZKUtil.joinZNode(getIndentityZNode(principalName), EXPIRE_TIME_ZNODE_NAME);
+ }
+
+ public static String getCreatedTimeZNode(String principalName) {
+ return ZKUtil.joinZNode(getIndentityZNode(principalName), CREATED_TIME_ZNODE_NAME);
+ }
+
+ public static String getKeysZNode(String principalName) {
+ return ZKUtil.joinZNode(getIndentityZNode(principalName), KEYS_ZNODE_NAME);
+ }
+
+ public static String getKeyTypeZNode(String principalName, String type) {
+ return ZKUtil.joinZNode(getKeysZNode(principalName), type);
+ }
+
+ public static String getEncryptionKeyTypeZNode(String principalName, String type) {
+ return ZKUtil.joinZNode(getKeyTypeZNode(principalName, type), KEY_TYPE_ZNODE_NAME);
+ }
+
+ public static String getEncryptionKeyDataZNode(String principalName, String type) {
+ return ZKUtil.joinZNode(getKeyTypeZNode(principalName, type), KEY_DATA_ZNODE_NAME);
+ }
+
+ public static String getEncryptionKeyNoZNode(String principalName, String type) {
+ return ZKUtil.joinZNode(getKeyTypeZNode(principalName, type), ENCRYPTION_KEY_NO_ZNODE_NAME);
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/33ad2a64/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZKConfKey.java
----------------------------------------------------------------------
diff --git a/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZKConfKey.java b/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZKConfKey.java
index a9d798d..fa16657 100644
--- a/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZKConfKey.java
+++ b/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZKConfKey.java
@@ -26,7 +26,7 @@ import org.apache.kerby.config.ConfigKey;
*/
public enum ZKConfKey implements ConfigKey {
ZK_HOST("127.0.0.1"),
- ZK_PORT(9015),
+ ZK_PORT(2181),
DATA_DIR,
DATA_LOG_DIR
;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/33ad2a64/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZKUtil.java
----------------------------------------------------------------------
diff --git a/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZKUtil.java b/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZKUtil.java
new file mode 100644
index 0000000..9af489a
--- /dev/null
+++ b/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZKUtil.java
@@ -0,0 +1,133 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kdc.identitybackend;
+
+import org.apache.zookeeper.CreateMode;
+import org.apache.zookeeper.KeeperException;
+import org.apache.zookeeper.ZooDefs;
+import org.apache.zookeeper.ZooKeeper;
+import org.apache.zookeeper.data.ACL;
+import org.apache.zookeeper.data.Stat;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.ArrayList;
+
+/**
+ * utility class for ZooKeeper
+ */
+public class ZKUtil {
+ public static final char ZNODE_PATH_SEPARATOR = '/';
+ private static final Logger LOG = LoggerFactory.getLogger(ZKUtil.class);
+
+ public static String joinZNode(String prefix, String suffix) {
+ return prefix + ZNODE_PATH_SEPARATOR + suffix;
+ }
+
+ /**
+ * Check if the specified node exists. Sets no watches.
+ */
+ public static int checkExists(ZooKeeper zk, String node)
+ throws KeeperException {
+ try {
+ Stat s = zk.exists(node, null);
+ return s != null ? s.getVersion() : -1;
+ } catch (KeeperException e) {
+ return -1;
+ } catch (InterruptedException e) {
+ Thread.currentThread().interrupt();
+ return -1;
+ }
+ }
+
+ /**
+ * Sets the data of the existing znode to be the specified data.
+ */
+ public static boolean setData(ZooKeeper zk, String node, byte[] data)
+ throws KeeperException {
+ try {
+ return zk.setData(node, data, -1) != null;
+ } catch (InterruptedException e) {
+ Thread.currentThread().interrupt();
+ return false;
+ }
+ }
+
+ /**
+ * Set data into node creating node if it doesn't yet exist.
+ * Does not set watch.
+ */
+ public static void createSetData(final ZooKeeper zk, final String node,
+ final byte[] data)
+ throws KeeperException {
+ if (checkExists(zk, node) == -1) {
+ ZKUtil.createWithParents(zk, node, data);
+ } else {
+ ZKUtil.setData(zk, node, data);
+ }
+ }
+
+ /**
+ * Creates the specified node and all parent nodes required for it to exist.
+ */
+ public static void createWithParents(ZooKeeper zk, String node)
+ throws KeeperException {
+ createWithParents(zk, node, new byte[0]);
+ }
+
+ /**
+ * Creates the specified node and all parent nodes required for it to exist. The creation of
+ * parent znodes is not atomic with the leafe znode creation but the data is written atomically
+ * when the leaf node is created.
+ */
+ public static void createWithParents(ZooKeeper zk, String node, byte[] data)
+ throws KeeperException {
+ try {
+ if (node == null) {
+ return;
+ }
+ zk.create(node, data, createACL(zk, node),
+ CreateMode.PERSISTENT);
+ } catch (KeeperException.NodeExistsException nee) {
+ return;
+ } catch (KeeperException.NoNodeException nne) {
+ createWithParents(zk, getParent(node));
+ createWithParents(zk, node, data);
+ } catch (InterruptedException ie) {
+
+ }
+ }
+
+ /**
+ * Returns the ACL list
+ */
+ private static ArrayList<ACL> createACL(ZooKeeper zk, String node) {
+ return ZooDefs.Ids.OPEN_ACL_UNSAFE;//TODO
+ }
+
+ /**
+ * Returns the full path of the immediate parent of the specified node.
+ * null if passed the root node or an invalid node
+ */
+ public static String getParent(String node) {
+ int idx = node.lastIndexOf(ZNODE_PATH_SEPARATOR);
+ return idx <= 0 ? null : node.substring(0, idx);
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/33ad2a64/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZookeeperIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZookeeperIdentityBackend.java b/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZookeeperIdentityBackend.java
index a1c795b..577df41 100644
--- a/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZookeeperIdentityBackend.java
+++ b/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZookeeperIdentityBackend.java
@@ -22,12 +22,15 @@ package org.apache.kerby.kerberos.kdc.identitybackend;
import org.apache.kerby.config.Config;
import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
import org.apache.kerby.kerberos.kerb.identity.backend.AbstractIdentityBackend;
+import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.WatchedEvent;
import org.apache.zookeeper.Watcher;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.server.ServerConfig;
import org.apache.zookeeper.server.ZooKeeperServerMain;
import org.apache.zookeeper.server.quorum.QuorumPeerConfig;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import java.io.File;
import java.io.IOException;
@@ -42,11 +45,13 @@ import java.util.Properties;
*/
public class ZookeeperIdentityBackend extends AbstractIdentityBackend
implements Watcher {
+ private static final Logger LOG = LoggerFactory.getLogger(ZookeeperIdentityBackend.class);
private Config config;
private String zkHost;
private int zkPort;
private File dataDir;
private File dataLogDir;
+ private ZooKeeper zooKeeper;
/**
* Constructing an instance using specified config that contains anything
@@ -66,6 +71,7 @@ public class ZookeeperIdentityBackend extends AbstractIdentityBackend
startEmbeddedZookeeper();
connectZK();
+
}
/**
@@ -73,7 +79,7 @@ public class ZookeeperIdentityBackend extends AbstractIdentityBackend
*/
private void connectZK() {
try {
- ZooKeeper zooKeeper = new ZooKeeper(zkHost, zkPort, null);
+ zooKeeper = new ZooKeeper(zkHost, zkPort, null);
} catch (IOException e) {
throw new RuntimeException("Failed to prepare Zookeeper connection");
}
@@ -136,7 +142,12 @@ public class ZookeeperIdentityBackend extends AbstractIdentityBackend
@Override
protected KrbIdentity doAddIdentity(KrbIdentity identity) {
- return null;
+ try {
+ setIdentity(identity);
+ } catch (KeeperException e) {
+ LOG.error("Fail to add identity to zookeeper", e);
+ }
+ return identity;
}
@Override
@@ -153,4 +164,16 @@ public class ZookeeperIdentityBackend extends AbstractIdentityBackend
public List<String> getIdentities(int start, int limit) {
return null;
}
+
+ private void setIdentity(KrbIdentity identity) throws KeeperException {
+ IdentityZNode identityZNode = new IdentityZNode(zooKeeper, identity.getPrincipalName());
+ identityZNode.setPrincipalName(identity.getPrincipalName());
+ identityZNode.setCreatedTime(identity.getCreatedTime());
+ identityZNode.setDisabled(identity.isDisabled());
+ identityZNode.setExpireTime(identity.getExpireTime());
+ identityZNode.setKdcFlags(identity.getKdcFlags());
+ identityZNode.setKeys(identity.getKeys());
+ identityZNode.setKeyVersion(identity.getKeyVersion());
+ identityZNode.setLocked(identity.isLocked());
+ }
}