py:key_credential_link: filter_kcl_list helper for samba-tool

This will be used in `samba-tool user keytrust delete` and `samba-tool
computer keytrust delete` and is mainly to deduplicate that code.

Potentially it could also be used in `keytrust view`.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

diff --git a/python/samba/key_credential_link.py b/python/samba/key_credential_link.py
index 7193e0ddda2b52323f973ee61f160844618b1729..f8c82e1a82be9b67973863d77842cb51564a74ce 100644 (file)
--- a/python/samba/key_credential_link.py
+++ b/python/samba/key_credential_link.py
@@ -352,3 +352,30 @@ def kcl_in_list(kcl: KeyCredentialLinkDn, others: Iterable[KeyCredentialLinkDn])
         if km == other.key_material() and kcl.dn == other.dn:
             return True
     return False
+
+
+def filter_kcl_list(samdb: SamDB,
+                    keycredlinks: Iterable[KeyCredentialLinkDn],
+                    link_target: Optional[str] = None,
+                    fingerprint: Optional[str] = None) -> list:
+    """Select only the input links that match at least one of the
+    criteria.
+    """
+    # used in samba-tool X keytrust delete
+    selected = []
+    filters = []
+    if link_target is not None:
+        target_dn = Dn(samdb, link_target)
+        filters.append(lambda x: x.dn == target_dn)
+
+    if fingerprint is not None:
+        fingerprint = fingerprint.upper()
+        filters.append(lambda x: x.fingerprint() == fingerprint)
+
+    for x in keycredlinks:
+        for fn in filters:
+            if fn(x):
+                selected.append(x)
+                break
+
+    return selected