JDK-8076535 : Deprecate the com.sun.jarsigner package
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2015-04-02
  • Updated: 2020-04-07
  • Resolved: 2015-06-05
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 9
9 b69Fixed
Related Reports
Blocks :  
JDK-8056174 - New APIs for jar signing
Relates :  
JDK-4500302 - Verification of signed jars does not consider time-of-signing.
Relates :  
JDK-8174837 - Add "since=9" to deprecated ContentSigner and ContentSignerParameters classes
Relates :  
JDK-8242260 - Add forRemoval=true to already deprecated ContentSigner
Relates :  
JDK-8144784 - Remove @Deprecated annotation from java.security.acl, javax.security.cert and com.sun.jarsigner packages
Relates :  
JDK-8157055 - consider unified release notes for deprecated APIs
Sub Tasks
JDK-8173018 :  
Release Note: Deprecate the com.sun.jarsigner package - Closed
Description
The com.sun.jarsigner package (JDK-4500302) was created to allow user to provide an alternative jar signing mechanism that will be picked up by the "jarsigner -altsigner" option. The package is too low level and as we know not used by anyone. It should be deprecated.
Comments
The purpose of this enhancement is to deprecate the alternative signing mechanism of jarsigner, i.e. deprecating ContentSigner and ContentSignerParameters as external export interfaces. The classes can stay unchanged as internal. We should also deprecate the -altsign option of jarsigner. Maybe removing it from the help screen as a sign.
07-04-2015
Max, I notice that sun.security.tools.jarsigner.TimestampedSigner extends com.sun.jarsigner.ContentSigner and the sun.security.tools.jarsigner.Main.JarSignerParameters inner class implements com.sun.jarsigner.ContentSignerParameters. I'm not familiar with these packages, but to me it looks like TimestampedSigner and JarSignerParameters are both there to support jarsigner's default signing mechanism. Is that right? If so, should ContentSigner and ContentSignerParameters really be deprecated?
06-04-2015