From affd256a645e97ce4e05038b057e85cd772032ec Mon Sep 17 00:00:00 2001
From: Lari Hotari <lhotari@users.noreply.github.com>
Date: Thu, 25 Nov 2021 15:29:24 +0200
Subject: [PATCH] Use JDK default security provider when Conscrypt isn't
 available (#12938)

- fixes issue with ARM64 platform where Conscrypt isn't available

(cherry picked from commit 4f2d52edfbb53f043ed5640ccde694b60707eea3)
---
 .../apache/pulsar/common/util/SecurityUtility.java    | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/pulsar-common/src/main/java/org/apache/pulsar/common/util/SecurityUtility.java b/pulsar-common/src/main/java/org/apache/pulsar/common/util/SecurityUtility.java
index fb6c83501483d..30f019dc4839e 100644
--- a/pulsar-common/src/main/java/org/apache/pulsar/common/util/SecurityUtility.java
+++ b/pulsar-common/src/main/java/org/apache/pulsar/common/util/SecurityUtility.java
@@ -116,6 +116,16 @@ public static Provider getProvider() {
     }
 
     private static Provider loadConscryptProvider() {
+        Class<?> conscryptClazz;
+
+        try {
+            conscryptClazz = Class.forName("org.conscrypt.Conscrypt");
+            conscryptClazz.getMethod("checkAvailability").invoke(null);
+        } catch (Throwable e) {
+            log.warn("Conscrypt isn't available. Using JDK default security provider.", e);
+            return null;
+        }
+
         Provider provider;
         try {
             provider = (Provider) Class.forName(CONSCRYPT_PROVIDER_CLASS).newInstance();
@@ -143,7 +153,6 @@ private static Provider loadConscryptProvider() {
         // contains the workaround.
         try {
             HostnameVerifier hostnameVerifier = new TlsHostnameVerifier();
-            Class<?> conscryptClazz = Class.forName("org.conscrypt.Conscrypt");
             Object wrappedHostnameVerifier = conscryptClazz
                     .getMethod("wrapHostnameVerifier",
                             new Class[]{HostnameVerifier.class}).invoke(null, hostnameVerifier);