From d59a558d586efe5604fe5b0bba729ae7772abc1b Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Tue, 27 Oct 2020 12:42:16 -0700
Subject: [PATCH] adopting ilike and not relying on == reducing redundancy

---
 lemur/certificates/service.py | 30 ++++++++----------------------
 1 file changed, 8 insertions(+), 22 deletions(-)

diff --git a/lemur/certificates/service.py b/lemur/certificates/service.py
index 4484f636..b4ded62c 100644
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@@ -563,34 +563,20 @@ def query_common_name(common_name, args):
     # only not expired certificates
     current_time = arrow.utcnow()
 
+    query = Certificate.query.filter(Certificate.not_after >= current_time.format("YYYY-MM-DD"))\
+        .filter(not_(Certificate.revoked))\
+        .filter(not_(Certificate.replaced.any()))  # ignore rotated certificates to avoid duplicates
+
     if common_name == "%" and not owner:
-        result = (
-            Certificate.query.filter(Certificate.not_after >= current_time.format("YYYY-MM-DD"))
-            .filter(not_(Certificate.revoked))
-            .filter(not_(Certificate.replaced.any()))  # ignore rotated certificates to avoid duplicates
-            .all()
-        )
+        return query.all()
     elif common_name == "%":
         # all valid certs from the owner
-        result = (
-            Certificate.query.filter(Certificate.not_after >= current_time.format("YYYY-MM-DD"))
-            .filter(Certificate.owner == owner)
-            .filter(not_(Certificate.revoked))
-            .filter(not_(Certificate.replaced.any()))  # ignore rotated certificates to avoid duplicates
-            .all()
-        )
+        query = query.filter(Certificate.owner.ilike(owner))
     else:
         # search based on owner and cn
-        result = (
-            Certificate.query.filter(Certificate.not_after >= current_time.format("YYYY-MM-DD"))
-            .filter(Certificate.cn.ilike(common_name))
-            .filter(Certificate.owner == owner)
-            .filter(not_(Certificate.revoked))
-            .filter(not_(Certificate.replaced.any()))  # ignore rotated certificates to avoid duplicates
-            .all()
-        )
+        query = query.filter(Certificate.cn.ilike(common_name)).filter(Certificate.owner.ilike(owner))
 
-    return result
+    return query.all()
 
 
 def create_csr(**csr_config):