JDK-8303469

Remove ContentSigner APIs and jarsigner -altsigner and -altsignerpath options

    • CSR
    • Resolution: Approved
    • P4
    • 21
    • security-libs
    • None
    • source, binary, behavioral
    • low
    • The APIs were deprecated in JDK 9 with no known existing use. The probability that they have been used after that time is low.
    • Java API, add/remove/modify command line option
    • JDK

      Summary

      The ContentSigner API in com.sun.jarsigner and the accompanying jarsigner options -altsigner and -altsignerpath have been deprecated for removal since JDK 15 and should be removed.

      Problem

      This extension mechanism was deprecated in JDK 9 since it was deemed too low-level and had no known use. Removing it will reduce maintenance costs for jarsigner.

      Also, Section 4 of RFC 8933 (Update to the Cryptographic Message Syntax (CMS) for Algorithm Identifier Protection, published in October 2020) recommends using CMSAlgorithmProtection as a signed attribute for security reasons. This is not possible with the ContentSigner extension mechanism.

      Solution

      Remove the terminally deprecated classes com.sun.jarsigner.ContentSigner, com.sun.jarsigner.ContentSignerParameters and the associated package-info.java file.

      Remove the -altsigner and -altsignerpath options from the jarsigner tool. Remove any mention of these options from the jarsigner man page.

      Specification

      Remove the following classes. Any class implementing these interfaces will fail to compile:

      • com.sun.jarsigner.ContentSigner
      • com.sun.jarsigner.ContentSignerParameters

      Remove the following package descriptor:

      • com/sun/jarsigner/package-info.java

      Remove the following options from the output of jarsigner --help:

      • -altsigner
      • -altsignerpath

      Using the removed options will cause jarsigner to fail with an 'illegal option' message:

      % jarsigner -altsigner
      Illegal option: -altsigner

      Remove the Deprecated Options section from the jarsigner man page where the -altsigner and -altsignerpath options are described.
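      Because the removed options make jarsigner exit with 'Illegal option' and the removed types break compilation, a signing pipeline is worth auditing before it moves to JDK 21. The script below is an added example, not part of this CSR or of the JDK; the function names and the sample tree (com.example.Signer, the file paths) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not JDK code): audit a source/CI tree for the interfaces
# this CSR removes, before moving builds to JDK 21.

# Print "file:line:text" for every use of the removed jarsigner options or
# the removed com.sun.jarsigner types. Exit status 0 = hits found, 1 = clean.
find_removed_jarsigner_usage() {
    # -I skips binary files such as .jar; -e keeps the leading "-" in the
    # pattern from being parsed as a grep option. The trailing class stops
    # the option pattern from matching longer, unrelated option names.
    grep -rnIE \
        -e '-altsigner(path)?([^[:alnum:]_-]|$)' \
        -e 'com\.sun\.jarsigner\.ContentSigner(Parameters)?' \
        "$1"
}

# Number of matching lines under a directory (0 when the tree is clean).
count_removed_jarsigner_usage() {
    find_removed_jarsigner_usage "$1" | wc -l | tr -d ' '
}

# Constructed sample tree: one signing script using both removed options,
# one class importing a removed type, one unaffected script.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/ci" "$root/src" "$root/clean"
    printf '%s\n' 'jarsigner -altsigner com.example.Signer -altsignerpath lib/s.jar app.jar key' \
        > "$root/ci/sign.sh"
    printf '%s\n' 'import com.sun.jarsigner.ContentSigner;' > "$root/src/MySigner.java"
    printf '%s\n' 'jarsigner -keystore ks.p12 app.jar key' > "$root/ci/ok.sh"
    printf '%s\n' "$root"
}

# Usage: sh audit.sh <dir>
if [ "$#" -gt 0 ]; then
    find_removed_jarsigner_usage "$1"
fi
```

      A non-empty report identifies signing steps that will stop working and sources that will no longer compile once the build JDK is 21 or later.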

            weijun Weijun Wang