JDK-8056174 introduces the JarSigner API, and JDK-8058778 introduces the X509CertificateBuilder API. They cover functions of jarsigner and keytool which were not possible through public APIs.
I am thinking of two places in the Oracle JDK documentation:
1. JDK-specific APIs. We have a tradition to include security-related com.sun.* APIs in the doc (For example: http://docs.oracle.com/javase/8/docs/jre/api/security/jaas/spec/com/sun/security/auth/package-summary.html). These new APIs should be treated the same.
2. New entries in the security guide at http://docs.oracle.com/javase/8/docs/technotes/guides/security/index.html.
3. New entries to tutorials. Optional.