fix: Safkeyring truststore bug fix in certificate-analyzer

[hrishikesh-nalawade]

Description

When the certificate-analyser is invoked with a SAF keyring truststore path (e.g. safkeyring://ZWESMVD/ZoweKeyring, type JCERACFKS), the initTruststore() method in Stores.java always uses FileInputStream to open the truststore.

The initKeystore() method in the same class correctly checks isKeyring() and uses keyRingUrl()openStream() for SAF keyrings, but this handling was never added to initTrustore()

Linked to #4592

Type of change

• fix: Bug fix (non-breaking change which fixes an issue)

Checklist:

• My code follows the style guidelines of this project
• PR title conforms to commit message guideline ## Commit Message Structure Guideline
• I have commented my code, particularly in hard-to-understand areas. In JS I did provide JSDoc
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• The java tests in the area I was working on leverage @nested annotations
• Any dependent changes have been merged and published in downstream modules

[pablocarle]

in the start.sh scripts for API ML components we have java.protocol.handler.pkgs always set to com.ibm.crypto.provider. Should we have it the same way also for the analyser?

[balhar-jakub]

If we have the place to push this in, I would say yes.

[balhar-jakub]

Is the Draft label still intentional?

Also do you see adding any unit tests to validate that it won't repeat?

[sonarqubecloud]

Quality Gate failed

Failed conditions
73.3% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud

[recaph]

Curious if this works with Java 21 too?