From a8f79ca80413dbc2a72653761c581e50d187860a Mon Sep 17 00:00:00 2001
From: Lari Hotari <lhotari@apache.org>
Date: Tue, 23 Nov 2021 10:10:23 +0200
Subject: [PATCH] Use JDK default security provider when Conscrypt isn't
 available

- fixes issue with ARM64 platform where Conscrypt isn't available
---
 .../apache/pulsar/common/util/SecurityUtility.java    | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/pulsar-common/src/main/java/org/apache/pulsar/common/util/SecurityUtility.java b/pulsar-common/src/main/java/org/apache/pulsar/common/util/SecurityUtility.java
index a08ec87b63820..a1f4350b1d155 100644
--- a/pulsar-common/src/main/java/org/apache/pulsar/common/util/SecurityUtility.java
+++ b/pulsar-common/src/main/java/org/apache/pulsar/common/util/SecurityUtility.java
@@ -115,6 +115,16 @@ public static Provider getProvider() {
     }
 
     private static Provider loadConscryptProvider() {
+        Class<?> conscryptClazz;
+
+        try {
+            conscryptClazz = Class.forName("org.conscrypt.Conscrypt");
+            conscryptClazz.getMethod("checkAvailability").invoke(null);
+        } catch (Throwable e) {
+            log.warn("Conscrypt isn't available. Using JDK default security provider.", e);
+            return null;
+        }
+
         Provider provider;
         try {
             provider = (Provider) Class.forName(CONSCRYPT_PROVIDER_CLASS).getDeclaredConstructor().newInstance();
@@ -142,7 +152,6 @@ private static Provider loadConscryptProvider() {
         // contains the workaround.
         try {
             HostnameVerifier hostnameVerifier = new TlsHostnameVerifier();
-            Class<?> conscryptClazz = Class.forName("org.conscrypt.Conscrypt");
             Object wrappedHostnameVerifier = conscryptClazz
                     .getMethod("wrapHostnameVerifier",
                             new Class[]{HostnameVerifier.class}).invoke(null, hostnameVerifier);