Summary
-------
Remove the newly added `directsign` JarSigner property and jarsigner option introduced in JDK-8245274.
Problem
-------
The new property/option is not easy to understand. It involves the internals of PKCS #7 and should not be exposed to a JarSigner user.
It's not always precise. When the altsign option is specified it is useless.
Finally and most important, the newly published [RFC 8933][1] recommends that the originator (here, the signer) include the CMSAlgorithmProtection attribute [RFC6211] in signed attributes for security reasons. This means we'd better not sign directly anymore.
Solution
--------
Remove the property and the option.
When the `altsign` property/option is specified to use an alternative signing mechanism (Note: this feature was already deprecated for removal), no signedAttrs is generated which means a direct sign. Otherwise, a signedAttrs is generated that contains the CMSAlgorithmProtection recommended in RFC 8933 which means an indirect sign. The behavior is no longer customizable.
Specification
-------------
1. Remove the description for the "directsign" property in method spec of `jdk.security.jarsigner.JarSigner$Builder::setProperty`.
2. Remove the paragraph for the `directsign` option in the man page source file jarsigner.md.
3. Remove the `directsign` option line in the `jarsigner --help` output.
[1]: https://tools.ietf.org/html/rfc8933