removed double if loops

nitneuqr · nitneuqr · commit 0411cd9b80d7 · 2025-06-13T16:18:21.000+02:00
diff --git a/src/cryptography/hazmat/primitives/serialization/pkcs7.py b/src/cryptography/hazmat/primitives/serialization/pkcs7.py
@@ -22,6 +22,7 @@
 )
 from cryptography.utils import _check_byteslike
 from cryptography.x509 import Certificate
+from cryptography.x509.oid import ExtendedKeyUsageOID
 from cryptography.x509.verification import (
     Criticality,
     ExtensionPolicy,
@@ -83,14 +84,14 @@ def _validate_basic_constraints(
     def _validate_key_usage(
         policy: Policy, cert: Certificate, ku: x509.KeyUsage | None
     ) -> None:
-        if ku is not None:
-            # Content commitment used to be named non repudiation
-            if not (ku.digital_signature or ku.content_commitment):
-                raise ValueError(
-                    "Key Usage, if specified, must have at least one of the "
-                    "digital signature or content commitment (formerly non "
-                    "repudiation) bits set."
-                )
+        if ku is not None and not (
+            ku.digital_signature or ku.content_commitment
+        ):
+            raise ValueError(
+                "Key Usage, if specified, must have at least one of the "
+                "digital signature or content commitment (formerly non "
+                "repudiation) bits set."
+            )
 
     def _validate_subject_alternative_name(
         policy: Policy,
@@ -125,14 +126,15 @@ def _validate_subject_alternative_name(
     def _validate_extended_key_usage(
         policy: Policy, cert: Certificate, eku: x509.ExtendedKeyUsage | None
     ) -> None:
-        if eku is not None:
-            ep = x509.ExtendedKeyUsageOID.EMAIL_PROTECTION in eku  # type: ignore[attr-defined]
-            aeku = x509.ExtendedKeyUsageOID.ANY_EXTENDED_KEY_USAGE in eku  # type: ignore[attr-defined]
-            if not (ep or aeku):
-                raise ValueError(
-                    "Extended Key Usage, if specified, must include "
-                    "emailProtection or anyExtendedKeyUsage."
-                )
+        if (
+            eku is not None
+            and ExtendedKeyUsageOID.EMAIL_PROTECTION not in eku
+            and ExtendedKeyUsageOID.ANY_EXTENDED_KEY_USAGE not in eku
+        ):
+            raise ValueError(
+                "Extended Key Usage, if specified, must include "
+                "emailProtection or anyExtendedKeyUsage."
+            )
 
     ee_policy = (
         ExtensionPolicy.webpki_defaults_ee()
