The problem is caused by IDPs with metadata containing at least two KeyDescriptorType elements without "use" attribute. In such cases, when getKeyDescriptor() is called, the while loop starting line 324 will throw an NPE on second iteration.
On the first pass through the block, kd.getUse() will return null, the if clause will be true and as "noUsageKD" is unassigned so far, we go into lines 329-330, which assigns "noUsageKD" to the first KeyDescriptor and breaks us out of this iteration with "continue".
The second pass though, "use" will be null again, but this time "noUsageKD" is not null, the continue is not reached and in line 333 trim() called on a null "use".
A simple patch is to move continue out of its containing block - see attachment.