mstruk
commented
2 years ago NPE is always a bug, so that should be fixed. It also makes sense to allow for passwordless truststore.
Thanks for reporting it. Feel free to submit a PR with a proposed fix. In any case, I'll put this on a TODO for the next release.
If a password is not specified for a truststore (or a keystore for that matter), a NullPointerException will occur at io.strimzi.kafka.oauth.common.SSLUtil.createSSLFactory(SSLUtil.java:56).
It's common to not password-protect a truststore (as it just contains certificates that are trusted). In the case of a keystore, if its not desirable to support blank passwords, at the very least an informative error message should be thrown.