NPE at TrustMaterial:167 if both CACERTS and JSSE_CACERTS are null

[candrews]

If both CACERTS and JSSE_CACERTS are null, then an NPE occurs at https://github.com/narupley/not-going-to-be-commons-ssl/blob/0.3.20/src/main/java/org/apache/commons/ssl/TrustMaterial.java#L167

Here's an example the stack trace:

java.lang.NullPointerException
        at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:167)
        at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:158)
        at org.apache.commons.ssl.TrustMaterial.<clinit>(TrustMaterial.java:148)
        at org.opensaml.xml.security.x509.X509Util.decodeCertificate(X509Util.java:359)

[candrews]

This problem doesn't occur in 0.3.18. Therefore, I'm pretty sure this regression was caused in 48f7303

[Piloon]

I have the same stack trace when using JDK11.
After debugging, I found my problem is that Keystore.getDefaultType() returns "PKCS12" and when calling tryJKS(KeyStore.getDefaultType(), stuffStream, jksPass, keyPass, forTrustMaterial); in org.apache.commons.ssl.KeyStoreBuilder#parse the NPE is thrown on line 494 because the password is null:

Caused by: java.lang.NullPointerException: No password supplied for PKCS#12 KeyStore.
	at org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi.engineLoad(Unknown Source) ~[bcprov-jdk15on-1.60.jar:1.60.0]
	at java.base/java.security.KeyStore.load(KeyStore.java:1479) ~[na:na]
	at org.apache.commons.ssl.KeyStoreBuilder.tryJKS(KeyStoreBuilder.java:494) ~[not-going-to-be-commons-ssl-0.3.20.jar:0.3.20]
	at org.apache.commons.ssl.KeyStoreBuilder.parse(KeyStoreBuilder.java:401) ~[not-going-to-be-commons-ssl-0.3.20.jar:0.3.20]

Is it possible to add a null check to avoid this problem ?