[panic: runtime error: invalid memory address or nil pointer dereference ]Throw errors gracefully when the certificate can't be found based on the name of key #500

Open
CLIN42 opened this issue Jun 28, 2022 · 0 comments

issue statement

When supplying a key and crt pair at \etc\mqm\pki\keys, if the names of the crt and key don't match, the errors below are thrown while the container is being started:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x66c824]
goroutine 1 [running]:
github.com/ibm-messaging/mq-container/vendor/software.sslmate.com/src/go-pkcs12.Encode(0xa51000, 0xc00009c210, 0x971740, 0xc000180c40, 0x0, 0xc00002e880, 0x5, 0x8, 0xc0002200e0, 0xc, ...)
	/opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/vendor/software.sslmate.com/src/go-pkcs12/pkcs12.go:467 +0xe4
github.com/ibm-messaging/mq-container/internal/tls.processKeys(0xc00016d700, 0x9c1fa5, 0x15, 0x9bfcff, 0x11, 0xc, 0x0, 0x0, 0x0)
	/opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/internal/tls/tls.go:234 +0x453
github.com/ibm-messaging/mq-container/internal/tls.configureTLSKeystores(0x9c1fa5, 0x15, 0x9bfcff, 0x11, 0x9c0595, 0x12, 0x1, 0x40, 0x30, 0x0, ...)
	/opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/internal/tls/tls.go:88 +0x165
github.com/ibm-messaging/mq-container/internal/tls.ConfigureDefaultTLSKeystores(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
	/opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/internal/tls/tls.go:104 +0xfb
main.doMain(0x0, 0x0)
	/opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/cmd/runmqserver/main.go:147 +0xc18
main.main()
	/opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/cmd/runmqserver/main.go:300 +0x25

environment

version: 9.2.4
platform: Azure Kubernetes service

steps to reproduce

  1. create a certificate and key pair, mq1.key and mq1-cer.crt
  2. mount them to \etc\mqm\pki\keys as either ConfigMap or secret in the pod spec
  3. start the pod

Analysis

  1. The method vendor/software.sslmate.com/src/go-pkcs12.Encode takes the public certificate as a parameter.
  2. The public certificate is generated by the method at internal\tls\tls.go:365. The method takes keyPrefix as a parameter and uses it to find the corresponding certificate at internal\tls\tls.go:372.
  3. keyPrefix is returned by the method processPrivateKey at internal\tls\tls.go:330. Its value is the name of the key without the extension, at internal\tls\tls.go:357.
    e.g. if the key name is mq.key, it will look for the certificate mq.crt.
  4. Before creating a new PKCS#12 Keystore, there is no check whether the public certificate is null or not:

    // Process certificates (*.crt) - public certificate & optional CA certificate
    publicCertificate, caCertificate, err := processCertificates(keyDir, keySet.Name(), keyPrefix, keys, &tlsStore.Keystore, &tlsStore.Truststore)
    if err != nil {
        return "", err
    }

    // Create a new PKCS#12 Keystore - containing private key, public certificate & optional CA certificate
    file, err := pkcs.Encode(rand.Reader, privateKey, publicCertificate, caCertificate, tlsStore.Keystore.Password)
    if err != nil {
        return "", fmt.Errorf("Failed to encode PKCS#12 Keystore %s: %v", keySet.Name()+".p12", err)
    }

Proposal

  1. Check whether the public and CA certificates are null before creating the keystore.
  2. Throw an error gracefully when it is null.
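
The check proposed above, as an added example that is not part of the original issue or the mq-container code: the certificate lookup returns an error when `<keyPrefix>.crt` is missing or unparsable, so the caller never receives a nil certificate to pass on to the keystore encoder. The names `findPublicCertificate` and `selfSignedPEM`, and the in-memory map standing in for the mounted key directory, are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// findPublicCertificate (hypothetical helper) derives the prefix from the key
// file name (mq1.key -> mq1) and returns the parsed <prefix>.crt. It returns an
// error, never a nil certificate with a nil error, when the file is missing or invalid.
func findPublicCertificate(files map[string][]byte, keyFile string) (*x509.Certificate, error) {
	prefix := strings.TrimSuffix(keyFile, ".key")
	data, ok := files[prefix+".crt"]
	if !ok {
		return nil, fmt.Errorf("no certificate %s.crt found for private key %s", prefix, keyFile)
	}
	block, _ := pem.Decode(data)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, fmt.Errorf("%s.crt does not contain a PEM certificate", prefix)
	}
	return x509.ParseCertificate(block.Bytes)
}

// selfSignedPEM builds a throwaway certificate (constructed sample input, errors ignored).
func selfSignedPEM() []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "mq1"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	// File names from the issue's reproduction steps: the prefixes do not match.
	files := map[string][]byte{"mq1.key": nil, "mq1-cer.crt": selfSignedPEM()}
	if _, err := findPublicCertificate(files, "mq1.key"); err != nil {
		fmt.Println("refusing to build keystore:", err)
	}
}
```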
@CLIN42 CLIN42 changed the title Throw errors gracefully when the certificate can't be found based on the name of key [panic: runtime error: invalid memory address or nil pointer dereference ]Throw errors gracefully when the certificate can't be found based on the name of key Jun 28, 2022
JEFFLUFC added a commit that referenced this issue Aug 25, 2023
Update UBI and Go version (v9.3.0.x)