In Java, according to the [JSSE Reference Guide][1], there is no default for the `keystore`, the default for the `truststore` is &quot;*jssecacerts, if it exists. Otherwise, cacerts*&quot;.

A few applications use `~/.keystore` as a default keystore, but this is not without problems (mainly because you might not want all the application run by the user to use that trust store).

I&#39;d suggest using application-specific values that you bundle with your application instead, it would tend to be more applicable in general.


  [1]: http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#InstallationAndCustomization

Like bruno said, you&#39;re better configuring it yourself. Here&#39;s how I do it.
Start by creating a properties file (/etc/myapp/config.properties).


    javax.net.ssl.keyStore = /etc/myapp/keyStore
    javax.net.ssl.keyStorePassword = 123456

Then load the properties to your environment from your code. This makes your application configurable.

    FileInputStream propFile = new FileInputStream(&quot;/etc/myapp/config.properties&quot;);
    Properties p = new Properties(System.getProperties());
    p.load(propFile);
    System.setProperties(p);

What is the difference between DOM and HTML?

Difference between HTML and DOM

I&#39;m using the &quot;shade&quot; Maven2 plugin to build a monolithic JAR with all Java dependencies bundled together.  The relevant section in `pom.xml` is pretty straightforward:

    &lt;plugin&gt;
    	&lt;groupId&gt;org.apache.maven.plugins&lt;/groupId&gt;
    	&lt;artifactId&gt;maven-shade-plugin&lt;/artifactId&gt;
    	&lt;version&gt;1.4&lt;/version&gt;
    	&lt;executions&gt;
    		&lt;execution&gt;
    			&lt;phase&gt;package&lt;/phase&gt;
    			&lt;goals&gt;
    				&lt;goal&gt;shade&lt;/goal&gt;
    			&lt;/goals&gt;
    			&lt;configuration&gt;
    				&lt;finalName&gt;${project.artifactId}-${project.version}-SHADED&lt;/finalName&gt;
    				&lt;transformers&gt;
    					&lt;transformer implementation=&quot;org.apache.maven.plugins.shade.resource.ManifestResourceTransformer&quot;&gt;
    						&lt;mainClass&gt;com.mypackage.MyClass&lt;/mainClass&gt;
    					&lt;/transformer&gt;
    				&lt;/transformers&gt;
    			&lt;/configuration&gt;
    		&lt;/execution&gt;
    	&lt;/executions&gt;
    &lt;/plugin&gt;

However, the build results are odd.  It seems that TWO files are actually created by this Maven plugin:

    myartifact-1.0.0-SHADED.jar  (zero bytes)
    original-myartifact-1.0.0-SHADED.jar  (10 MB)

The JAR file with prefix &quot;original&quot; is properly built, and functions just fine.  I suppose I could just rename it to strip off that prefix, and go on my merry way.  

However, I very curious as to what may be going on here with the &quot;shade&quot; plugin.  It looks like the &quot;original&quot; file is temporary working space type thing, intended to be renamed at the end of the process, and that final renaming simply doesn&#39;t complete.  There&#39;s no obvious explanation for that, though (i.e. filesystem permissions, etc).  Has anyone ever seen this before?

Maven &quot;shaded&quot; JAR is prefixed with &quot;original&quot; in the file name

I am writing an application that uses SSL.
Hence, I have a dummy keystore and a dummy truststore I want to supply to my customer.
Is there any default folder to put them inside my distribution?
e.g. docs, lib, bin...etc. Where is usually the keystore put on the server and where is usually truststore put on the client?

Thanks


Which is the default location for keystore/truststore of Java applications?

<p>I am writing an application that uses SSL.
Hence, I have a dummy keystore and a dummy truststore I want to supply to my customer.
Is there any default folder to put them inside my distribution?
e.g. docs, lib, bin...etc. Where is usually the keystore put on the server and where is usually truststore put on the client?</p>
<p>Thanks</p>


The question is in two parts. The first is conceptual. The next looks at the same question more concretely in Scala.

1. Does using only immutable data structures in a programming language make implementing certain algorithms/logic inherently more computationally expensive in practice? This draws to the fact that immutability is a core tenet of purely functional languages. Are there other factors that impact this? 
2. Let&#39;s take a more concrete example. [Quicksort][1] is generally taught and implemented using mutable operations on an in-memory data structure. How does one implement such a thing in a PURE functional way with a comparable computational and storage overhead to the mutable version. Specifically in Scala. I have included some crude benchmarks below. 

### More Details:

I come from an imperative programming background (C++, Java). I have been exploring functional programming, specifically Scala.

Some of the primary principles of pure functional programming:

1. Functions are first class citizens.
2. Functions do not have side effects and hence objects/data structures are [immutable][2].

Even though modern [JVMs][3] are extremely efficient with object creation and [garbage collection][4] is very inexpensive for short lived objects, it&#39;s probably still better to minimize object creation right? At least in a single-threaded application where concurrency and locking is not an issue. Since Scala is a hybrid paradigm, one can choose to write imperative code with mutable objects if necessary. But, as someone who has spent a lot of years trying to reuse objects and minimize allocation. I would like a good understanding of the school of thought that would not even allow that.

As a specific case, I was a little surprised by this code snippet in [this tutorial][5] [6] . It has a Java version of Quicksort followed by a neat looking Scala implementation of the same.

Here is my attempt to benchmark the implementations. I haven&#39;t done detailed profiling. But, my guess is that the Scala version is slower because the number of objects allocated is linear (one per recursion call). Is there any way chance that tail call optimizations can come into play? If I am right, Scala supports tail call optimizations for self-recursive calls. So, it should only be helping it. I am using Scala 2.8.

### Java version

    public class QuickSortJ {

        public static void sort(int[] xs) {
          sort(xs, 0, xs.length -1 );
        }

        static void sort(int[] xs, int l, int r) {
          if (r &gt;= l) return;
          int pivot = xs[l];
          int a = l; int b = r;
          while (a &lt;= b){
            while (xs[a] &lt;= pivot) a++;
            while (xs[b] &gt; pivot) b--;
            if (a &lt; b) swap(xs, a, b);
          }
          sort(xs, l, b);
          sort(xs, a, r);
        }

        static void swap(int[] arr, int i, int j) {
          int t = arr[i]; arr[i] = arr[j]; arr[j] = t;
        }
    }

### Scala version

    object QuickSortS {

      def sort(xs: Array[Int]): Array[Int] =
        if (xs.length &lt;= 1) xs
        else {
          val pivot = xs(xs.length / 2)
          Array.concat(
            sort(xs filter (pivot &gt;)),
            xs filter (pivot ==),
            sort(xs filter (pivot &lt;)))
        }
    }

### Scala Code to compare implementations

    import java.util.Date
    import scala.testing.Benchmark

    class BenchSort(sortfn: (Array[Int]) =&gt; Unit, name:String) extends Benchmark {

      val ints = new Array[Int](100000);

      override def prefix = name
      override def setUp = {
        val ran = new java.util.Random(5);
        for (i &lt;- 0 to ints.length - 1)
          ints(i) = ran.nextInt();
      }
      override def run = sortfn(ints)
    }

    val benchImmut = new BenchSort( QuickSortS.sort , &quot;Immutable/Functional/Scala&quot; )
    val benchMut   = new BenchSort( QuickSortJ.sort , &quot;Mutable/Imperative/Java   &quot; )

    benchImmut.main( Array(&quot;5&quot;))
    benchMut.main( Array(&quot;5&quot;))

### Results

Time in milliseconds for five consecutive runs

    Immutable/Functional/Scala    467    178    184    187    183
    Mutable/Imperative/Java        51     14     12     12     12

  [1]: http://en.wikipedia.org/wiki/Quicksort
  [2]: http://en.wikipedia.org/wiki/Immutable_object
  [3]: http://en.wikipedia.org/wiki/Java_virtual_machine
  [4]: http://en.wikipedia.org/wiki/Garbage_collection_%28computer_science%29
  [5]: http://www.ibm.com/developerworks/java/library/j-scala03268.html
  [6]: http://www.tedneward.com/about.aspx
 

Functional programming - is immutability expensive?

Straight to the point, problem is saving the object Operator into MySQL DB.
Prior to save, I try to select from this table and it works, so is connection to db.

Here is my Operator object:

    @Entity
    public class Operator{
    
       @Id
       @GeneratedValue
       private Long id;
     
       private String username;
     
       private String password;
     
    
       private Integer active;
     
       //Getters and setters...
    }

To save I use JPA `EntityManager`’s `persist` method.

Here is some log:

    Hibernate: insert into Operator (active, password, username, id) values (?, ?, ?, ?)
    com.mysql.jdbc.JDBC4PreparedStatement@15724a0: insert into Operator (active,password, username, id) values (0, &#39;pass&#39;, &#39;user&#39;, ** NOT SPECIFIED **)

The way I see it, problem is configuration with auto increment but I can&#39;t figure out where.

Tried some tricks I&#39;ve seen here:
https://stackoverflow.com/questions/582526/hibernate-not-respecting-mysql-auto-increment-primary-key-field But nothing of that worked

If any other configuration files needed I will provide them.

DDL:

    CREATE TABLE `operator` ( 
    `id` INT(10) NOT NULL AUTO_INCREMENT,
    `first_name` VARCHAR(40) NOT NULL,
    `last_name` VARCHAR(40) NOT NULL,
    `username` VARCHAR(50) NOT NULL,
    `password` VARCHAR(50) NOT NULL,
    `active` INT(1) NOT NULL,
    PRIMARY KEY (`id`)
    )




How to annotate MYSQL autoincrement field with JPA annotations

I&#39;m working on a project where all conversions from `int` to `String` are done like this:

    int i = 5;
    String strI = &quot;&quot; + i;

I&#39;m not familiar with Java. 

Is this usual practice or is something wrong, as I suppose?

How do I convert from int to String?

I&#39;m investigating which mocking framework to use for my project and have narrowed it down to [JMockit][1] and [Mockito][2]. 

I notice that *Mockito* was voted &quot;[the best mock framework for Java][3]&quot; on Stackoverflow.  
In comparing features on *JMockit*&#39;s &quot;[Mocking Tool Comparision Matrix][4]&quot;  it appears that *JMockit* has multiple different features.

Does anyone have any specific information (not opinions) on what *Mockito* can do which can&#39;t be achieved with *JMockit* and vice versa?  

  [1]: http://jmockit.org/
  [2]: http://mockito.org/
  [3]: https://stackoverflow.com/questions/22697/whats-the-best-mock-framework-for-java
  [4]: http://rawgit.com/jmockit/jmockit.github.io/e5f649df0276ef561b1b98004914a0cfd0c290bb/MockingToolkitComparisonMatrix.html

Comparison between Mockito vs JMockit - why is Mockito voted better than JMockit?

I&#39;m using [tag:json-simple] and I need to pretty-print JSON data (make it more human readable).

I haven&#39;t been able to find this functionality within that library.
How is this commonly achieved?

Pretty-Print JSON in Java

&gt; **Possible Duplicate:**  
&gt; [About password hashing system on client side](https://stackoverflow.com/questions/3715920/about-password-hashing-system-on-client-side)  

&lt;!-- End of automatically inserted text --&gt;


I have to secure the passwords of my web site users.  What I did was use MD5 &lt;s&gt;encryption&lt;/s&gt; hashing in server side. But the problem is the passwords remain in plain text until it arrives at the server, which means that the password can be captured using traffic monitoring. So what I want is to use a client side password encryption/hashing mechanism and send the encrypted/hashed password.
 Can anybody tell what is the way to do this?


Password encryption at client side

Since I just discovered that RFC 5425 requires TLS 1.2 to be used, and that .NET doesn&#39;t yet support it, I wonder if there are any implementation, possibly open source, of TLS 1.2 protocol, as defined in RFC 5246.

Are there .NET implementation of TLS 1.2?

I was asked to set up HTTPS with a self-signed cert on Apache on localhost, but how do I actually do that? I have no idea at all.

How do I allow HTTPS for Apache on localhost?

I&#39;m reading over [this page][1] and it says that if a site is SSL and the user tries to access it via regular http, the application should not redirect the user to https. It should just block him. Can someone verify the validity of this? It doesn&#39;t sound like a good idea, and I wonder what the real risk is of just forwarding the user to https. It seems that there is no technical reasons behind it, just that it&#39;s a good way to educate the user. 

&gt; Disable HTTP access to the domain,
&gt; don’t even redirect or link it to SSL.
&gt; Just inform the users this website is
&gt; not accessible over HTTP and they have
&gt; to access it over SSL.
&gt; 
&gt; This is the best practice against MITM
&gt; and phising attacks. This way your
&gt; users will be educated that
&gt; application never accessible over HTTP
&gt; and when they come across to a phising
&gt; or MITM attack they will know
&gt; something is wrong.
&gt; 
&gt; One of the best ways to protect your
&gt; application against MITM attacks and
&gt; phising attacks is educating your
&gt; users.


  [1]: http://ferruh.mavituna.com/ssl-implementation-security-faq-oku/#_Toc198392036

Is redirecting http to https a bad idea?

How can I force to SSL/https using .htaccess and mod_rewrite page specific in PHP.

Force SSL/https using .htaccess and mod_rewrite

Ok folks.. long story short, I was developing on a computer that I no longer have access to. I was able to retrieve the source code, but not the .keystore file used to sign and publish my application to the market (with several updates). Am I, and my poor users, out of luck if I ever want to update?

I know the password used to sign the key (at least it is one of three it could be), so can I create another? There must be a way around this.. what about a hard drive fail?

I lost my .keystore file?

During the development of a Java webservice client I ran into a problem. Authentication for the webservice is using a client certificate, a username and a password. The client certificate I received from the company behind the webservice is in `.cer` format. When I inspect the file using a text editor, it has the following contents:

    -----BEGIN CERTIFICATE-----
    [Some base64 encoded data]
    -----END CERTIFICATE-----

I can import this file as a certificate in Internet Explorer (without having to enter a password!) and use it to authenticate with the webservice.

I was able to import this certificate into a keystore by first stripping the first and last line, converting to unix newlines and running a base64-decode. The resulting file can be imported into a keystore (using the `keytool` command). When I list the entries in the keystore, this entry is of the type `trustedCertEntry`. Because of this entry type (?) I cannot use this certificate to authenticate with the webservice. I&#39;m beginning to think that the provided certificate is a public certificate which is being used for authentication...

A workaround I have found is to import the certificate in IE and export it as a `.pfx` file. This file can be loaded as a keystore and can be used to authenticate with the webservice. However I cannot expect my clients to perform these steps every time they receive a new certificate. So I would like to load the `.cer` file directly into Java. Any thoughts?

Additional info: the company behind the webservice told me that the certificate should be requested (using IE &amp; the website) from the PC and user that would import the certificate later.

How to import a .cer certificate into a java keystore?

Based on my android keystore I created some apps. now, I want to update one of my programs but I lost my keystore. can I generate another one and update my app?

Thanks

Android: I lost my android key store, what should I do?

I&#39;m trying to programmatically create a new keystore in Java. The following code:

    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.setCertificateEntry(&quot;alias&quot;, cert);

throws a Uninitialized KeyStore exception. 

How do I programmatically create a new KeyStore?

How does my Java program know where my keystore containing the certificate is? 

Or alternatively: How do I tell my Java program where to look for the keystore?

After specifying the keystore in some way, how to specify the certificate to use for authenticating the server to client? 


Content Type	Original Author	Original Content on Stackoverflow
Question	yura	View Question on Stackoverflow
Solution 1 - Java	Bruno	View Answer on Stackoverflow
Solution 2 - Java	Kristian Benoit	View Answer on Stackoverflow

Which is the default location for keystore/truststore of Java applications?

Java Problem Overview

Java Solutions

Solution 1 - Java

Solution 2 - Java

Maven "shaded" JAR is prefixed with "original" in the file name

Difference between HTML and DOM

Attributions