From 3f686576075fd973f493e4e275bec85da404396a Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Thu, 24 Jul 2025 10:01:03 -0700
Subject: [PATCH] revert truststore

---
 app/__init__.py | 72 ++++++++++++++++++++++++-------------------------
 application.py  | 11 +++-----
 poetry.lock     | 14 +---------
 pyproject.toml  |  1 -
 4 files changed, 41 insertions(+), 57 deletions(-)

diff --git a/app/__init__.py b/app/__init__.py
index 625537852..ddd39c3ae 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -1,15 +1,15 @@
-import logging as real_logging  # noqa
-import os  # noqa
-import secrets  # noqa
-import string  # noqa
-import time  # noqa
-import uuid  # noqa
-from contextlib import contextmanager  # noqa
-from threading import Lock  # noqa
-from time import monotonic  # noqa
+import logging as real_logging
+import os
+import secrets
+import string
+import time
+import uuid
+from contextlib import contextmanager
+from threading import Lock
+from time import monotonic
 
-from celery import Celery, Task, current_task  # noqa
-from flask import (  # noqa
+from celery import Celery, Task, current_task
+from flask import (
     current_app,
     g,
     has_request_context,
@@ -17,26 +17,26 @@ from flask import (  # noqa
     make_response,
     request,
 )
-from flask.ctx import has_app_context  # noqa
-from flask_migrate import Migrate  # noqa
-from flask_socketio import SocketIO  # noqa
-from flask_sqlalchemy import SQLAlchemy as _SQLAlchemy  # noqa
-from sqlalchemy import event  # noqa
-from werkzeug.exceptions import HTTPException as WerkzeugHTTPException  # noqa
-from werkzeug.local import LocalProxy  # noqa
+from flask.ctx import has_app_context
+from flask_migrate import Migrate
+from flask_socketio import SocketIO
+from flask_sqlalchemy import SQLAlchemy as _SQLAlchemy
+from sqlalchemy import event
+from werkzeug.exceptions import HTTPException as WerkzeugHTTPException
+from werkzeug.local import LocalProxy
 
-from app import config  # noqa
-from app.clients import NotificationProviderClients  # noqa
-from app.clients.cloudwatch.aws_cloudwatch import AwsCloudwatchClient  # noqa
-from app.clients.document_download import DocumentDownloadClient  # noqa
-from app.clients.email.aws_ses import AwsSesClient  # noqa
-from app.clients.email.aws_ses_stub import AwsSesStubClient  # noqa
-from app.clients.pinpoint.aws_pinpoint import AwsPinpointClient  # noqa
-from app.clients.sms.aws_sns import AwsSnsClient  # noqa
-from notifications_utils import logging, request_helper  # noqa
-from notifications_utils.clients.encryption.encryption_client import Encryption  # noqa
-from notifications_utils.clients.redis.redis_client import RedisClient  # noqa
-from notifications_utils.clients.zendesk.zendesk_client import ZendeskClient  # noqa
+from app import config
+from app.clients import NotificationProviderClients
+from app.clients.cloudwatch.aws_cloudwatch import AwsCloudwatchClient
+from app.clients.document_download import DocumentDownloadClient
+from app.clients.email.aws_ses import AwsSesClient
+from app.clients.email.aws_ses_stub import AwsSesStubClient
+from app.clients.pinpoint.aws_pinpoint import AwsPinpointClient
+from app.clients.sms.aws_sns import AwsSnsClient
+from notifications_utils import logging, request_helper
+from notifications_utils.clients.encryption.encryption_client import Encryption
+from notifications_utils.clients.redis.redis_client import RedisClient
+from notifications_utils.clients.zendesk.zendesk_client import ZendeskClient
 
 job_cache = {}
 job_cache_lock = Lock()
@@ -359,15 +359,15 @@ def setup_sqlalchemy_events(app):
     with app.app_context():
 
         @event.listens_for(db.engine, "connect")
-        def connect(dbapi_connection, connection_record):  # noqa
+        def connect(dbapi_connection, connection_record):
             pass
 
         @event.listens_for(db.engine, "close")
-        def close(dbapi_connection, connection_record):  # noqa
+        def close(dbapi_connection, connection_record):
             pass
 
         @event.listens_for(db.engine, "checkout")
-        def checkout(dbapi_connection, connection_record, connection_proxy):  # noqa
+        def checkout(dbapi_connection, connection_record, connection_proxy):
             try:
                 # this will overwrite any previous checkout_at timestamp
                 connection_record.info["checkout_at"] = time.monotonic()
@@ -408,7 +408,7 @@ def setup_sqlalchemy_events(app):
                 )
 
         @event.listens_for(db.engine, "checkin")
-        def checkin(dbapi_connection, connection_record):  # noqa
+        def checkin(dbapi_connection, connection_record):
             pass
 
 
@@ -435,7 +435,7 @@ def make_task(app):
                 g.request_id = self.request_id
                 yield
 
-        def on_success(self, retval, task_id, args, kwargs):  # noqa
+        def on_success(self, retval, task_id, args, kwargs):
             # enables request id tracing for these logs
             with self.app_context():
                 elapsed_time = time.monotonic() - self.start
@@ -448,7 +448,7 @@ def make_task(app):
                     )
                 )
 
-        def on_failure(self, exc, task_id, args, kwargs, einfo):  # noqa
+        def on_failure(self, exc, task_id, args, kwargs, einfo):
             # enables request id tracing for these logs
             with self.app_context():
                 app.logger.exception(
diff --git a/application.py b/application.py
index 012fb0296..38d267c14 100644
--- a/application.py
+++ b/application.py
@@ -1,15 +1,12 @@
 ##!/usr/bin/env python
 
+
 from __future__ import print_function
 
-import truststore
+from flask import Flask
+from werkzeug.serving import WSGIRequestHandler
 
-truststore.inject_into_ssl()  # noqa
-
-from flask import Flask  # noqa
-from werkzeug.serving import WSGIRequestHandler  # noqa
-
-from app import create_app, socketio  # noqa
+from app import create_app, socketio  # noqa: F401
 
 WSGIRequestHandler.version_string = lambda self: "SecureServer"
 
diff --git a/poetry.lock b/poetry.lock
index bb65217e7..07cb7fc15 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -4895,18 +4895,6 @@ files = [
     {file = "trove_classifiers-2025.5.9.12.tar.gz", hash = "sha256:7ca7c8a7a76e2cd314468c677c69d12cc2357711fcab4a60f87994c1589e5cb5"},
 ]
 
-[[package]]
-name = "truststore"
-version = "0.10.1"
-description = "Verify certificates using native system trust stores"
-optional = false
-python-versions = ">=3.10"
-groups = ["main"]
-files = [
-    {file = "truststore-0.10.1-py3-none-any.whl", hash = "sha256:b64e6025a409a43ebdd2807b0c41c8bff49ea7ae6550b5087ac6df6619352d4c"},
-    {file = "truststore-0.10.1.tar.gz", hash = "sha256:eda021616b59021812e800fa0a071e51b266721bef3ce092db8a699e21c63539"},
-]
-
 [[package]]
 name = "types-python-dateutil"
 version = "2.9.0.20250708"
@@ -5545,4 +5533,4 @@ cffi = ["cffi (>=1.11)"]
 [metadata]
 lock-version = "2.1"
 python-versions = "^3.12.9"
-content-hash = "dd5db05ed4e52871ec2e380239dc51309673410aa627b6f0abd7987afe8b4575"
+content-hash = "94959a51209996a97a8025df828e34db4ac8e08bf7ff1e038d29d0b123dfee01"
diff --git a/pyproject.toml b/pyproject.toml
index ed422242a..2cbdc962d 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -78,7 +78,6 @@ flask-socketio = "^5.5.1"
 virtualenv = "^20.32.0"
 marshmallow-enum = "^1.5.1"
 awscli = "^1.40.36"
-truststore = "^0.10.1"
 typing-extensions = "^4.14.1"
 aiohttp = "^3.12.14"
 pytest = "^8.4.0"