Mind Your Keys? A Security Evaluation of Java Keystores