JDK-8076535 : Deprecate the com.sun.jarsigner package
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2015-04-02
  • Updated: 2020-04-07
  • Resolved: 2015-06-05
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
9 b69Fixed
Related Reports
Blocks :  
Relates :  
Relates :  
Relates :  
Relates :  
Relates :  
Sub Tasks
JDK-8173018 :  
The com.sun.jarsigner package (JDK-4500302) was created to allow user to provide an alternative jar signing mechanism that will be picked up by the "jarsigner -altsigner" option. The package is too low level and as we know not used by anyone. It should be deprecated.
The purpose of this enhancement is to deprecate the alternative signing mechanism of jarsigner, i.e. deprecating ContentSigner and ContentSignerParameters as external export interfaces. The classes can stay unchanged as internal. We should also deprecate the -altsign option of jarsigner. Maybe removing it from the help screen as a sign.

Max, I notice that sun.security.tools.jarsigner.TimestampedSigner extends com.sun.jarsigner.ContentSigner and the sun.security.tools.jarsigner.Main.JarSignerParameters inner class implements com.sun.jarsigner.ContentSignerParameters. I'm not familiar with these packages, but to me it looks like TimestampedSigner and JarSignerParameters are both there to support jarsigner's default signing mechanism. Is that right? If so, should ContentSigner and ContentSignerParameters really be deprecated?