The jarsigner tool should warn the user if a weak cryptographic algorithm is used, such as MD2 or MD5, or a weak key size, such as RSA/DSA keys less than 1024 bits. This should apply to the key and certificate, and to the digest and signature algorithms used to sign the JAR. We should still allow the JAR to be signed, but a warning indicating the risks of using a weak algorithm should be emitted.
Rather than hard-coding the algorithms, one way to implement this is to read the value of the jdk.certpath.disabledAlgorithms security property. Although this property is intended to apply only to certificates, the same restrictions are generally applicable to the algorithms used to sign code.
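One way such a check could look, as an added example that is not jarsigner's or the JDK's own code: it reads jdk.certpath.disabledAlgorithms, matches plain algorithm names and `keySize` constraints against the signing parameters, and returns warnings instead of failing. The class name, method names and warning text are hypothetical, the inputs in `main` are constructed, and entries carrying other constraint forms are skipped by assumption.

```java
import java.security.Security;
import java.util.*;
import java.util.regex.*;

// Hypothetical helper: warn (do not fail) when signing parameters match the property
public class WeakAlgWarning {
    // Matches entries of the form "RSA keySize < 1024"
    private static final Pattern KEYSIZE =
        Pattern.compile("(\\S+)\\s+keySize\\s*(<=|<|==|!=|>=|>)\\s*(\\d+)");

    // Returns one warning per matching entry; an empty list means nothing matched
    static List<String> check(String property, String sigAlg, String keyAlg, int keyBits) {
        List<String> warnings = new ArrayList<>();
        if (property == null) return warnings;
        // Decompose e.g. "MD5withRSA" into its components MD5 and RSA
        String[] parts = sigAlg.toUpperCase(Locale.ROOT).split("WITH|AND");
        for (String raw : property.split(",")) {
            String entry = raw.trim();
            Matcher m = KEYSIZE.matcher(entry);
            if (m.matches()) {
                if (m.group(1).equalsIgnoreCase(keyAlg)
                        && violates(keyBits, m.group(2), Integer.parseInt(m.group(3))))
                    warnings.add("Warning: " + keyBits + "-bit " + keyAlg + " key matches '" + entry + "'");
            } else if (!entry.contains(" ")) { // assumption: skip other constraint forms
                for (String p : parts)
                    if (p.equalsIgnoreCase(entry))
                        warnings.add("Warning: " + sigAlg + " uses disabled algorithm " + entry);
            }
        }
        return warnings;
    }

    static boolean violates(int bits, String op, int limit) {
        switch (op) {
            case "<":  return bits < limit;
            case "<=": return bits <= limit;
            case "==": return bits == limit;
            case "!=": return bits != limit;
            case ">=": return bits >= limit;
            default:   return bits > limit;
        }
    }

    public static void main(String[] args) {
        String prop = Security.getProperty("jdk.certpath.disabledAlgorithms");
        // Constructed signing parameters; signing would proceed after printing these
        check(prop, "MD5withRSA", "RSA", 512).forEach(System.err::println);
    }
}
```

The warnings printed depend on the value of the property in the running JDK's java.security file.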