JDK-8196845

jarsigner should not create a signed jar if the signing fails


    • CSR
    • Resolution: Approved
    • P4
    • 11
    • security-libs
    • None
    • minimal
    • None.
    • Java API
    • JDK

      Summary

      Update the javadoc for the jdk.security.jarsigner.JarSigner API to make it clear that the sign method may leave the output stream in an inconsistent state when it fails.

      Problem

      The JarSigner.sign(File, OutputStream) method can fail for various reasons, but there is no specification of what happens to the output stream.
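
      One way a caller can cope with a partially written stream, as an added example that is not code from the JDK or from this CSR: stage the output in a temporary file and publish it only when sign returns normally. The names SafeJarSign and signTo are hypothetical, and the configured JarSigner is assumed to be built by the caller.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.util.zip.ZipFile;
import jdk.security.jarsigner.JarSigner; // exported by module jdk.jartool

public final class SafeJarSign {
    /**
     * Signs {@code input} and places the result at {@code target} only if
     * signing completed. Hypothetical helper, not part of the JDK.
     * A JarSignerException (unchecked) from sign() propagates to the caller.
     */
    public static void signTo(JarSigner signer, Path input, Path target)
            throws IOException {
        // Stage next to the target so the final move stays on one file system.
        Path dir = target.toAbsolutePath().getParent();
        Path tmp = Files.createTempFile(dir, target.getFileName().toString(), ".partial");
        boolean published = false;
        try {
            try (ZipFile zip = new ZipFile(input.toFile());
                 OutputStream os = Files.newOutputStream(tmp)) {
                // sign() closes neither argument; try-with-resources closes
                // both promptly, including when sign() throws part-way.
                signer.sign(zip, os);
            }
            // Reached only if sign() and both close() calls returned normally.
            Files.move(tmp, target, StandardCopyOption.REPLACE_EXISTING);
            published = true;
        } finally {
            if (!published) {
                // Whatever bytes were written are not a usable signed JAR.
                Files.deleteIfExists(tmp);
            }
        }
    }
}
```

      With this pattern an existing file at the target path is left untouched when signing fails.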

      Solution

      Add some clarification.

      Specification

           /**
            * Signs a file into an {@link OutputStream}. This method will not close
            * {@code file} or {@code os}.
      +     * <p>
      +     * If an I/O error or signing error occurs during the signing, then it may
      +     * do so after some bytes have been written. Consequently, the output
      +     * stream may be in an inconsistent state. It is strongly recommended that
      +     * it be promptly closed in this case.
            *
            * @param file the file to sign.
            * @param os the output stream.
            * @throws JarSignerException if the signing fails.
            */
           public void sign(ZipFile file, OutputStream os);
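
      Review bot: The added paragraph names "an I/O error or signing error", but the @throws clause below it still reads only "JarSignerException if the signing fails", so the javadoc does not tell a caller how an I/O failure on os is reported; state that in the @throws text. In "then it may do so after some bytes have been written" the pronoun "it" has no clear antecedent; "the failure may occur after some bytes have been written" is unambiguous. The recommendation to close the stream also leaves unsaid that the bytes already written are not a validly signed JAR and should be discarded, which is the consequence of the inconsistent state that matters to callers.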

            weijun Weijun Wang
            Alan Bateman, Sean Mullan