source, binary, behavioral
The APIs were deprecated in JDK 9 with no known existing use. The probability that they have been used after that time is low.
Java API, add/remove/modify command line option
ContentSigner API in
com.sun.jarsigner and the accompanying
-altsignerpath options have been deprecated for removal since JDK 15 and should be removed.
This extension mechanism was deprecated in JDK 9 since it was deemed too low-level and had no known use. Removing it will reduce maintenance costs for jarsigner.
Also, Section 4 of RFC 8933
(Update to the Cryptographic Message Syntax (CMS) for Algorithm Identifier Protection, published in October 2020) recommends using CMSAlgorithmProtection as a signed attribute for security reasons. This is not possible with the
ContentSigner extension mechanism.
Remove the terminally deprecated classes
com.sun.jarsigner.ContentSignerParameters and the associated
-altsignerpath options from jarsigner tool. Remove any mention of these options from the jarsigner man page.
Remove the following classes. Any class implementing these interfaces will fail to compile:
Remove the following package descriptor:
Remove the following options from the output of jarsigner --help:
Using the removed options will cause jarsigner to fail with an 'illegal option' message:
% jarsigner -altsigner Illegal option: -altsigner
Remove the Deprecated Options section from the jarsigner man page where the
-altsignerpath are described.
- csr of
JDK-8303410 Remove ContentSigner APIs and jarsigner -altsigner and -altsignerpath options