There are 2 ways you can observe the problem
1) one is to put a debug point @ "request.getPortletSession(true).getAttribute(KEYSTORE_DATA_PREFIX + keystore)" in LockKeystoreHandler . You will see that the string received has an extra space, that is if keystore name is "test" than you will get "test ". this results in a null value for KeystoreData and hence the null pointer exception.
2) In admin console in "Keystore" portlet you can see there are two places you can of lock/unlock a keystore one for "edit" and another for "usage". Once you take the mouse cursor over each of them, you can observe a visible difference in the target url @ the bottom pane of the browser- one with extra space and one w/o an extra space.
I have used egaed version of the 2.1.4 to test this and can see the same problem existing in 2.2 with similar uase, however in 2.2 the problem is due to "Unrecognized portlet action 'lockKeystore'" this is because mode is being returned as "lockKeystore ".