From 31680b2bcffe03ec11204946a1e168d4d9f31d87 Mon Sep 17 00:00:00 2001
From: Eirik Bjorsnos <eirbjo@gmail.com>
Date: Tue, 14 Mar 2023 11:48:59 +0000
Subject: [PATCH] 8303410: Remove ContentSigner APIs and jarsigner -altsigner
 and -altsignerpath options

Reviewed-by: weijun
---
 .../com/sun/jarsigner/ContentSigner.java      |  73 -------
 .../jarsigner/ContentSignerParameters.java    | 118 -----------
 .../com/sun/jarsigner/package-info.java       |  38 ----
 .../jdk/security/jarsigner/JarSigner.java     | 200 ++----------------
 .../share/classes/module-info.java            |   3 +-
 .../sun/security/tools/jarsigner/Main.java    |  32 ---
 .../security/tools/jarsigner/Resources.java   |  11 +-
 .../tools/jarsigner/Resources_de.java         |   9 +-
 .../tools/jarsigner/Resources_ja.java         |   9 +-
 .../tools/jarsigner/Resources_zh_CN.java      |   9 +-
 test/jdk/TEST.groups                          |   3 +-
 test/jdk/com/sun/jarsigner/DefaultMethod.java |  79 -------
 test/jdk/jdk/security/jarsigner/Spec.java     |  28 +--
 .../sun/security/tools/jarsigner/Options.java |  57 +----
 14 files changed, 27 insertions(+), 642 deletions(-)
 delete mode 100644 src/jdk.jartool/share/classes/com/sun/jarsigner/ContentSigner.java
 delete mode 100644 src/jdk.jartool/share/classes/com/sun/jarsigner/ContentSignerParameters.java
 delete mode 100644 src/jdk.jartool/share/classes/com/sun/jarsigner/package-info.java
 delete mode 100644 test/jdk/com/sun/jarsigner/DefaultMethod.java

diff --git a/src/jdk.jartool/share/classes/com/sun/jarsigner/ContentSigner.java b/src/jdk.jartool/share/classes/com/sun/jarsigner/ContentSigner.java
deleted file mode 100644
index 728c6c66e34..00000000000
--- a/src/jdk.jartool/share/classes/com/sun/jarsigner/ContentSigner.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package com.sun.jarsigner;
-
-import java.io.IOException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-
-/**
- * This class defines a content signing service.
- * Implementations must be instantiable using a zero-argument constructor.
- *
- * @since 1.5
- * @author Vincent Ryan
- * @deprecated This class has been deprecated.
- */
-
-@Deprecated(since="9", forRemoval=true)
-public abstract class ContentSigner {
-
-    /**
-     * Generates a PKCS #7 signed data message.
-     * This method is used when the signature has already been generated.
-     * The signature, the signer's details, and optionally a signature
-     * timestamp and the content that was signed, are all packaged into a
-     * signed data message.
-     *
-     * @param parameters The non-null input parameters.
-     * @param omitContent true if the content should be omitted from the
-     *         signed data message. Otherwise the content is included.
-     * @param applyTimestamp true if the signature should be timestamped.
-     *         Otherwise timestamping is not performed.
-     * @return A PKCS #7 signed data message.
-     * @throws NoSuchAlgorithmException The exception is thrown if the signature
-     *         algorithm is unrecognised.
-     * @throws CertificateException The exception is thrown if an error occurs
-     *         while processing the signer's certificate or the TSA's
-     *         certificate.
-     * @throws IOException The exception is thrown if an error occurs while
-     *         generating the signature timestamp or while generating the signed
-     *         data message.
-     * @throws NullPointerException The exception is thrown if parameters is
-     *         null.
-     */
-    @SuppressWarnings("removal")
-    public abstract byte[] generateSignedData(
-        ContentSignerParameters parameters, boolean omitContent,
-        boolean applyTimestamp)
-            throws NoSuchAlgorithmException, CertificateException, IOException;
-}
diff --git a/src/jdk.jartool/share/classes/com/sun/jarsigner/ContentSignerParameters.java b/src/jdk.jartool/share/classes/com/sun/jarsigner/ContentSignerParameters.java
deleted file mode 100644
index ba0e3a000dd..00000000000
--- a/src/jdk.jartool/share/classes/com/sun/jarsigner/ContentSignerParameters.java
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package com.sun.jarsigner;
-
-import java.net.URI;
-import java.security.cert.X509Certificate;
-import java.util.zip.ZipFile;
-
-/**
- * This interface encapsulates the parameters for a ContentSigner object.
- *
- * @since 1.5
- * @author Vincent Ryan
- * @deprecated This class has been deprecated.
- */
-@Deprecated(since="9", forRemoval=true)
-public interface ContentSignerParameters {
-
-    /**
-     * Retrieves the command-line arguments passed to the jarsigner tool.
-     *
-     * @return The command-line arguments. May be null.
-     */
-    public String[] getCommandLine();
-
-    /**
-     * Retrieves the identifier for a Timestamping Authority (TSA).
-     *
-     * @return The TSA identifier. May be null.
-     */
-    public URI getTimestampingAuthority();
-
-    /**
-     * Retrieves the certificate for a Timestamping Authority (TSA).
-     *
-     * @return The TSA certificate. May be null.
-     */
-    public X509Certificate getTimestampingAuthorityCertificate();
-
-    /**
-     * Retrieves the TSAPolicyID for a Timestamping Authority (TSA).
-     *
-     * @return The TSAPolicyID. May be null.
-     */
-    public default String getTSAPolicyID() {
-        return null;
-    }
-
-    /**
-     * Retreives the message digest algorithm that is used to generate
-     * the message imprint to be sent to the TSA server.
-     *
-     * @since 9
-     * @return The non-null string of the message digest algorithm name.
-     */
-    public default String getTSADigestAlg() {
-        return "SHA-256";
-    }
-
-    /**
-     * Retrieves the JAR file's signature.
-     *
-     * @return The non-null array of signature bytes.
-     */
-    public byte[] getSignature();
-
-    /**
-     * Retrieves the name of the signature algorithm.
-     *
-     * @return The non-null string name of the signature algorithm.
-     */
-    public String getSignatureAlgorithm();
-
-    /**
-     * Retrieves the signer's X.509 certificate chain.
-     *
-     * @return The non-null array of X.509 public-key certificates.
-     */
-    public X509Certificate[] getSignerCertificateChain();
-
-    /**
-     * Retrieves the content that was signed.
-     * The content is the JAR file's signature file.
-     *
-     * @return The content bytes. May be null.
-     */
-    public byte[] getContent();
-
-    /**
-     * Retrieves the original source ZIP file before it was signed.
-     *
-     * @return The original ZIP file. May be null.
-     */
-    public ZipFile getSource();
-}
diff --git a/src/jdk.jartool/share/classes/com/sun/jarsigner/package-info.java b/src/jdk.jartool/share/classes/com/sun/jarsigner/package-info.java
deleted file mode 100644
index 72b46929442..00000000000
--- a/src/jdk.jartool/share/classes/com/sun/jarsigner/package-info.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-/**
- * This package comprises the interfaces and classes used to define the
- * signing mechanism used by the {@code jarsigner} tool.
- * <p>
- * Clients may override the default signing mechanism of the {@code jarsigner}
- * tool by supplying an alternative implementation of
- * {@link com.sun.jarsigner.ContentSigner}.
- *
- * The classes in this package have been deprecated and will be removed in
- * a future release. New classes should not be added to this package.
- * Use the {@link jdk.security.jarsigner.JarSigner} API to sign JAR files.
- */
-
-package com.sun.jarsigner;
diff --git a/src/jdk.jartool/share/classes/jdk/security/jarsigner/JarSigner.java b/src/jdk.jartool/share/classes/jdk/security/jarsigner/JarSigner.java
index 97d3d2ba877..4f85adb7528 100644
--- a/src/jdk.jartool/share/classes/jdk/security/jarsigner/JarSigner.java
+++ b/src/jdk.jartool/share/classes/jdk/security/jarsigner/JarSigner.java
@@ -25,8 +25,6 @@
 
 package jdk.security.jarsigner;
 
-import com.sun.jarsigner.ContentSigner;
-import com.sun.jarsigner.ContentSignerParameters;
 import jdk.internal.access.JavaUtilZipFileAccess;
 import jdk.internal.access.SharedSecrets;
 import sun.security.pkcs.PKCS7;
@@ -123,8 +121,6 @@ public final class JarSigner {
         String tSADigestAlg;
         boolean sectionsonly = false;
         boolean internalsf = false;
-        String altSignerPath;
-        String altSigner;
 
         /**
          * Creates a {@code JarSigner.Builder} object with
@@ -391,12 +387,6 @@ public final class JarSigner {
                 case "sectionsonly":
                     this.sectionsonly = parseBoolean("sectionsonly", value);
                     break;
-                case "altsignerpath":
-                    altSignerPath = value;
-                    break;
-                case "altsigner":
-                    altSigner = value;
-                    break;
                 default:
                     throw new UnsupportedOperationException(
                             "Unsupported key " + key);
@@ -502,11 +492,6 @@ public final class JarSigner {
     private final String tSADigestAlg;
     private final boolean sectionsonly; // do not "sign" the whole manifest
     private final boolean internalsf; // include the .SF inside the PKCS7 block
-
-    @Deprecated(since="16", forRemoval=true)
-    private final String altSignerPath;
-    @Deprecated(since="16", forRemoval=true)
-    private final String altSigner;
     private boolean extraAttrsDetected;
 
     private JarSigner(JarSigner.Builder builder) {
@@ -549,15 +534,6 @@ public final class JarSigner {
         this.tSAPolicyID = builder.tSAPolicyID;
         this.sectionsonly = builder.sectionsonly;
         this.internalsf = builder.internalsf;
-        this.altSigner = builder.altSigner;
-        this.altSignerPath = builder.altSignerPath;
-
-        // altSigner cannot support modern algorithms like RSASSA-PSS and EdDSA
-        if (altSigner != null
-                && !sigalg.toUpperCase(Locale.ENGLISH).contains("WITH")) {
-            throw new IllegalArgumentException(
-                    "Customized ContentSigner is not supported for " + sigalg);
-        }
     }
 
     /**
@@ -658,10 +634,6 @@ public final class JarSigner {
                 return Boolean.toString(internalsf);
             case "sectionsonly":
                 return Boolean.toString(sectionsonly);
-            case "altsignerpath":
-                return altSignerPath;
-            case "altsigner":
-                return altSigner;
             default:
                 throw new UnsupportedOperationException(
                         "Unsupported key " + key);
@@ -854,46 +826,27 @@ public final class JarSigner {
         sf.write(baos);
         byte[] content = baos.toByteArray();
 
-        if (altSigner == null) {
-            Function<byte[], PKCS9Attributes> timestamper = null;
-            if (tsaUrl != null) {
-                timestamper = s -> {
-                    try {
-                        // Timestamp the signature
-                        HttpTimestamper tsa = new HttpTimestamper(tsaUrl);
-                        byte[] tsToken = PKCS7.generateTimestampToken(
-                                tsa, tSAPolicyID, tSADigestAlg, s);
+        Function<byte[], PKCS9Attributes> timestamper = null;
+        if (tsaUrl != null) {
+            timestamper = s -> {
+                try {
+                    // Timestamp the signature
+                    HttpTimestamper tsa = new HttpTimestamper(tsaUrl);
+                    byte[] tsToken = PKCS7.generateTimestampToken(
+                            tsa, tSAPolicyID, tSADigestAlg, s);
 
-                        return new PKCS9Attributes(new PKCS9Attribute[]{
-                                new PKCS9Attribute(
-                                        PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID,
-                                        tsToken)});
-                    } catch (IOException | CertificateException e) {
-                        throw new RuntimeException(e);
-                    }
-                };
-            }
-            // We now create authAttrs in block data, so "direct == false".
-            block = PKCS7.generateNewSignedData(sigalg, sigProvider, privateKey, certChain,
-                    content, internalsf, false, timestamper);
-        } else {
-            Signature signer = SignatureUtil.fromKey(sigalg, privateKey, sigProvider);
-            signer.update(content);
-            byte[] signature = signer.sign();
-
-            @SuppressWarnings("removal")
-            ContentSignerParameters params =
-                    new JarSignerParameters(null, tsaUrl, tSAPolicyID,
-                            tSADigestAlg, signature,
-                            signer.getAlgorithm(), certChain, content, zipFile);
-            @SuppressWarnings("removal")
-            ContentSigner signingMechanism = loadSigningMechanism(altSigner, altSignerPath);
-            block = signingMechanism.generateSignedData(
-                    params,
-                    !internalsf,
-                    params.getTimestampingAuthority() != null
-                            || params.getTimestampingAuthorityCertificate() != null);
+                    return new PKCS9Attributes(new PKCS9Attribute[]{
+                            new PKCS9Attribute(
+                                    PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID,
+                                    tsToken)});
+                } catch (IOException | CertificateException e) {
+                    throw new RuntimeException(e);
+                }
+            };
         }
+        // We now create authAttrs in block data, so "direct == false".
+        block = PKCS7.generateNewSignedData(sigalg, sigProvider, privateKey, certChain,
+                content, internalsf, false, timestamper);
 
         String sfFilename = sf.getMetaName();
         String bkFilename = sf.getBlockName(privateKey);
@@ -1101,44 +1054,6 @@ public final class JarSigner {
         return base64Digests;
     }
 
-    /*
-     * Try to load the specified signing mechanism.
-     * The URL class loader is used.
-     */
-    @SuppressWarnings("removal")
-    private ContentSigner loadSigningMechanism(String signerClassName,
-                                               String signerClassPath) {
-
-        // If there is no signerClassPath provided, search from here
-        if (signerClassPath == null) {
-            signerClassPath = ".";
-        }
-
-        // construct class loader
-        String cpString;   // make sure env.class.path defaults to dot
-
-        // do prepends to get correct ordering
-        cpString = PathList.appendPath(
-                System.getProperty("env.class.path"), null);
-        cpString = PathList.appendPath(
-                System.getProperty("java.class.path"), cpString);
-        cpString = PathList.appendPath(signerClassPath, cpString);
-        URL[] urls = PathList.pathToURLs(cpString);
-        ClassLoader appClassLoader = new URLClassLoader(urls);
-
-        try {
-            // attempt to find signer
-            Class<?> signerClass = appClassLoader.loadClass(signerClassName);
-            Object signer = signerClass.getDeclaredConstructor().newInstance();
-            return (ContentSigner) signer;
-        } catch (ClassNotFoundException|InstantiationException|
-                IllegalAccessException|ClassCastException|
-                NoSuchMethodException| InvocationTargetException e) {
-            throw new IllegalArgumentException(
-                    "Invalid altSigner or altSignerPath", e);
-        }
-    }
-
     static class SignatureFile {
 
         /**
@@ -1226,81 +1141,4 @@ public final class JarSigner {
             return getBaseSignatureFilesName(baseName) + type;
         }
     }
-
-    @SuppressWarnings("removal")
-    @Deprecated(since="16", forRemoval=true)
-    class JarSignerParameters implements ContentSignerParameters {
-
-        private String[] args;
-        private URI tsa;
-        private byte[] signature;
-        private String signatureAlgorithm;
-        private X509Certificate[] signerCertificateChain;
-        private byte[] content;
-        private ZipFile source;
-        private String tSAPolicyID;
-        private String tSADigestAlg;
-
-        JarSignerParameters(String[] args, URI tsa,
-                            String tSAPolicyID, String tSADigestAlg,
-                            byte[] signature, String signatureAlgorithm,
-                            X509Certificate[] signerCertificateChain,
-                            byte[] content, ZipFile source) {
-
-            Objects.requireNonNull(signature);
-            Objects.requireNonNull(signatureAlgorithm);
-            Objects.requireNonNull(signerCertificateChain);
-
-            this.args = args;
-            this.tsa = tsa;
-            this.tSAPolicyID = tSAPolicyID;
-            this.tSADigestAlg = tSADigestAlg;
-            this.signature = signature;
-            this.signatureAlgorithm = signatureAlgorithm;
-            this.signerCertificateChain = signerCertificateChain;
-            this.content = content;
-            this.source = source;
-        }
-
-        public String[] getCommandLine() {
-            return args;
-        }
-
-        public URI getTimestampingAuthority() {
-            return tsa;
-        }
-
-        public X509Certificate getTimestampingAuthorityCertificate() {
-            // We don't use this param. Always provide tsaURI.
-            return null;
-        }
-
-        public String getTSAPolicyID() {
-            return tSAPolicyID;
-        }
-
-        public String getTSADigestAlg() {
-            return tSADigestAlg;
-        }
-
-        public byte[] getSignature() {
-            return signature;
-        }
-
-        public String getSignatureAlgorithm() {
-            return signatureAlgorithm;
-        }
-
-        public X509Certificate[] getSignerCertificateChain() {
-            return signerCertificateChain;
-        }
-
-        public byte[] getContent() {
-            return content;
-        }
-
-        public ZipFile getSource() {
-            return source;
-        }
-    }
 }
diff --git a/src/jdk.jartool/share/classes/module-info.java b/src/jdk.jartool/share/classes/module-info.java
index 00a4f4df218..880e516b702 100644
--- a/src/jdk.jartool/share/classes/module-info.java
+++ b/src/jdk.jartool/share/classes/module-info.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -53,7 +53,6 @@ import jdk.internal.javac.ParticipatesInPreview;
 module jdk.jartool {
     requires jdk.internal.opt;
 
-    exports com.sun.jarsigner;
     exports jdk.security.jarsigner;
 
     provides java.util.spi.ToolProvider with
diff --git a/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java b/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java
index c6ebfb25e0c..5c0ecc49655 100644
--- a/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java
+++ b/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java
@@ -179,8 +179,6 @@ public class Main {
     boolean revocationCheck = false; // Revocation check flag
 
     // read zip entry raw bytes
-    private String altSignerClass = null;
-    private String altSignerClasspath = null;
     private ZipFile zipFile = null;
 
     // Informational warnings
@@ -483,18 +481,6 @@ public class Main {
             } else if (collator.compare(flags, "-tsacert") ==0) {
                 if (++n == args.length) usageNoArg();
                 tsaAlias = args[n];
-            } else if (collator.compare(flags, "-altsigner") ==0) {
-                if (++n == args.length) usageNoArg();
-                altSignerClass = args[n];
-                System.err.println(
-                        rb.getString("This.option.is.forremoval") +
-                                "-altsigner");
-            } else if (collator.compare(flags, "-altsignerpath") ==0) {
-                if (++n == args.length) usageNoArg();
-                altSignerClasspath = args[n];
-                System.err.println(
-                        rb.getString("This.option.is.forremoval") +
-                                "-altsignerpath");
             } else if (collator.compare(flags, "-sectionsonly") ==0) {
                 signManifest = false;
             } else if (collator.compare(flags, "-internalsf") ==0) {
@@ -698,12 +684,6 @@ public class Main {
         System.out.println(rb.getString
                 (".tsadigestalg.algorithm.of.digest.data.in.timestamping.request"));
         System.out.println();
-        System.out.println(rb.getString
-                (".altsigner.class.class.name.of.an.alternative.signing.mechanism"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism"));
-        System.out.println();
         System.out.println(rb.getString
                 (".internalsf.include.the.SF.file.inside.the.signature.block"));
         System.out.println();
@@ -1948,18 +1928,6 @@ public class Main {
             }
         }
 
-        if (altSignerClass != null) {
-            builder.setProperty("altSigner", altSignerClass);
-            if (verbose != null) {
-                System.out.println(
-                        rb.getString("using.an.alternative.signing.mechanism"));
-            }
-        }
-
-        if (altSignerClasspath != null) {
-            builder.setProperty("altSignerPath", altSignerClasspath);
-        }
-
         builder.signerName(sigfile);
 
         builder.setProperty("sectionsOnly", Boolean.toString(!signManifest));
diff --git a/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources.java b/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources.java
index 37a1f24f90d..d982f618600 100644
--- a/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources.java
+++ b/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -44,7 +44,6 @@ public class Resources extends java.util.ListResourceBundle {
         {"provider.class.not.found", "Provider \"%s\" not found"},
         {"jarsigner.error.", "jarsigner error: "},
         {"Illegal.option.", "Illegal option: "},
-        {"This.option.is.forremoval", "This option is deprecated and will be removed in a future release: "},
         {".keystore.must.be.NONE.if.storetype.is.{0}",
                 "-keystore must be NONE if -storetype is {0}"},
         {".keypass.can.not.be.specified.if.storetype.is.{0}",
@@ -97,12 +96,6 @@ public class Resources extends java.util.ListResourceBundle {
                 "[-tsapolicyid <oid>]        TSAPolicyID for Timestamping Authority"},
         {".tsadigestalg.algorithm.of.digest.data.in.timestamping.request",
                 "[-tsadigestalg <algorithm>] algorithm of digest data in timestamping request"},
-        {".altsigner.class.class.name.of.an.alternative.signing.mechanism",
-                "[-altsigner <class>]        class name of an alternative signing mechanism\n" +
-                "                            (This option is deprecated and will be removed in a future release.)"},
-        {".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism",
-                "[-altsignerpath <pathlist>] location of an alternative signing mechanism\n" +
-                "                            (This option is deprecated and will be removed in a future release.)"},
         {".internalsf.include.the.SF.file.inside.the.signature.block",
                 "[-internalsf]               include the .SF file inside the signature block"},
         {".sectionsonly.don.t.compute.hash.of.entire.manifest",
@@ -240,8 +233,6 @@ public class Resources extends java.util.ListResourceBundle {
         {"or", "or"},
         {"Certificate.not.found.for.alias.alias.must.reference.a.valid.KeyStore.entry.containing.an.X.509.public.key.certificate.for.the",
                 "Certificate not found for: {0}.  {1} must reference a valid KeyStore entry containing an X.509 public key certificate for the Timestamping Authority."},
-        {"using.an.alternative.signing.mechanism",
-                "using an alternative signing mechanism"},
         {"entry.was.signed.on", "entry was signed on {0}"},
         {"Warning.", "Warning: "},
         {"Error.", "Error: "},
diff --git a/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources_de.java b/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources_de.java
index 21bcca28b00..06c8a901cd2 100644
--- a/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources_de.java
+++ b/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources_de.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -44,7 +44,6 @@ public class Resources_de extends java.util.ListResourceBundle {
         {"provider.class.not.found", "Provider \"%s\" nicht gefunden"},
         {"jarsigner.error.", "jarsigner-Fehler: "},
         {"Illegal.option.", "Unzul\u00E4ssige Option: "},
-        {"This.option.is.forremoval", "Diese Option ist veraltet und wird in einem zuk\u00FCnftigen Release entfernt: "},
         {".keystore.must.be.NONE.if.storetype.is.{0}",
                 "-keystore muss NONE sein, wenn -storetype {0} ist"},
         {".keypass.can.not.be.specified.if.storetype.is.{0}",
@@ -97,10 +96,6 @@ public class Resources_de extends java.util.ListResourceBundle {
                 "[-tsapolicyid <OID>]        TSAPolicyID f\u00FCr Zeitstempelautorit\u00E4t"},
         {".tsadigestalg.algorithm.of.digest.data.in.timestamping.request",
                 "[-tsadigestalg <Algorithmus>] Algorithmus der Digestdaten in Zeitstempelanforderung"},
-        {".altsigner.class.class.name.of.an.alternative.signing.mechanism",
-                "[-altsigner <Klasse>]        Klassenname eines alternativen Signiermechanismus\n                            (Diese Option ist veraltet und wird in einem zuk\u00FCnftigen Release entfernt.)"},
-        {".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism",
-                "[-altsignerpath <Pfadliste>] Speicherort eines alternativen Signiermechanismus\n                            (Diese Option ist veraltet und wird in einem zuk\u00FCnftigen Release entfernt.)"},
         {".internalsf.include.the.SF.file.inside.the.signature.block",
                 "[-internalsf]               SF-Datei in Signaturblock aufnehmen"},
         {".sectionsonly.don.t.compute.hash.of.entire.manifest",
@@ -236,8 +231,6 @@ public class Resources_de extends java.util.ListResourceBundle {
         {"or", "oder"},
         {"Certificate.not.found.for.alias.alias.must.reference.a.valid.KeyStore.entry.containing.an.X.509.public.key.certificate.for.the",
                 "Zertifikat nicht gefunden f\u00FCr: {0}. {1} muss einen g\u00FCltigen Keystore-Eintrag referenzieren, der ein X.509-Public-Key-Zertifikat f\u00FCr die Zeitstempelautorit\u00E4t enth\u00E4lt."},
-        {"using.an.alternative.signing.mechanism",
-                "Verwendung eines alternativen Signaturmechanismus"},
         {"entry.was.signed.on", "Eintrag wurde signiert am {0}"},
         {"Warning.", "Warnung: "},
         {"Error.", "Fehler: "},
diff --git a/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources_ja.java b/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources_ja.java
index 8da54a1b6d9..1d8e7c54a3c 100644
--- a/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources_ja.java
+++ b/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources_ja.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -44,7 +44,6 @@ public class Resources_ja extends java.util.ListResourceBundle {
         {"provider.class.not.found", "\u30D7\u30ED\u30D0\u30A4\u30C0\"%s\"\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093"},
         {"jarsigner.error.", "jarsigner\u30A8\u30E9\u30FC: "},
         {"Illegal.option.", "\u4E0D\u6B63\u306A\u30AA\u30D7\u30B7\u30E7\u30F3: "},
-        {"This.option.is.forremoval", "\u3053\u306E\u30AA\u30D7\u30B7\u30E7\u30F3\u306F\u975E\u63A8\u5968\u3067\u3042\u308A\u3001\u5C06\u6765\u306E\u30EA\u30EA\u30FC\u30B9\u3067\u524A\u9664\u3055\u308C\u308B\u4E88\u5B9A\u3067\u3059: "},
         {".keystore.must.be.NONE.if.storetype.is.{0}",
                 "-storetype\u304C{0}\u306E\u5834\u5408\u3001-keystore\u306FNONE\u3067\u3042\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"},
         {".keypass.can.not.be.specified.if.storetype.is.{0}",
@@ -97,10 +96,6 @@ public class Resources_ja extends java.util.ListResourceBundle {
                 "[-tsapolicyid <oid>]        \u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u5C40\u306ETSAPolicyID"},
         {".tsadigestalg.algorithm.of.digest.data.in.timestamping.request",
                 "[-tsadigestalg <algorithm>] \u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u30FB\u30EA\u30AF\u30A8\u30B9\u30C8\u306E\u30C0\u30A4\u30B8\u30A7\u30B9\u30C8\u30FB\u30C7\u30FC\u30BF\u306E\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0"},
-        {".altsigner.class.class.name.of.an.alternative.signing.mechanism",
-                "[-altsigner <class>]        \u4EE3\u66FF\u7F72\u540D\u30E1\u30AB\u30CB\u30BA\u30E0\u306E\u30AF\u30E9\u30B9\u540D\n                            (\u3053\u306E\u30AA\u30D7\u30B7\u30E7\u30F3\u306F\u975E\u63A8\u5968\u3067\u3042\u308A\u3001\u5C06\u6765\u306E\u30EA\u30EA\u30FC\u30B9\u3067\u524A\u9664\u3055\u308C\u308B\u4E88\u5B9A\u3067\u3059\u3002)"},
-        {".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism",
-                "[-altsignerpath <pathlist>] \u4EE3\u66FF\u7F72\u540D\u30E1\u30AB\u30CB\u30BA\u30E0\u306E\u5834\u6240\n                            (\u3053\u306E\u30AA\u30D7\u30B7\u30E7\u30F3\u306F\u975E\u63A8\u5968\u3067\u3042\u308A\u3001\u5C06\u6765\u306E\u30EA\u30EA\u30FC\u30B9\u3067\u524A\u9664\u3055\u308C\u308B\u4E88\u5B9A\u3067\u3059\u3002)"},
         {".internalsf.include.the.SF.file.inside.the.signature.block",
                 "[-internalsf]               \u30B7\u30B0\u30CD\u30C1\u30E3\u30FB\u30D6\u30ED\u30C3\u30AF\u306B.SF\u30D5\u30A1\u30A4\u30EB\u3092\u542B\u3081\u308B"},
         {".sectionsonly.don.t.compute.hash.of.entire.manifest",
@@ -236,8 +231,6 @@ public class Resources_ja extends java.util.ListResourceBundle {
         {"or", "\u307E\u305F\u306F"},
         {"Certificate.not.found.for.alias.alias.must.reference.a.valid.KeyStore.entry.containing.an.X.509.public.key.certificate.for.the",
                 "\u8A3C\u660E\u66F8\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093\u3067\u3057\u305F: {0}\u3002{1}\u306F\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u5C40\u306EX.509\u516C\u958B\u30AD\u30FC\u8A3C\u660E\u66F8\u304C\u542B\u307E\u308C\u3066\u3044\u308B\u6709\u52B9\u306AKeyStore\u30A8\u30F3\u30C8\u30EA\u3092\u53C2\u7167\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059\u3002"},
-        {"using.an.alternative.signing.mechanism",
-                "\u4EE3\u66FF\u7F72\u540D\u30E1\u30AB\u30CB\u30BA\u30E0\u306E\u4F7F\u7528"},
         {"entry.was.signed.on", "\u30A8\u30F3\u30C8\u30EA\u306F{0}\u306B\u7F72\u540D\u3055\u308C\u307E\u3057\u305F"},
         {"Warning.", "\u8B66\u544A: "},
         {"Error.", "\u30A8\u30E9\u30FC: "},
diff --git a/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java b/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java
index 9ac39f79685..2b4059ea877 100644
--- a/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java
+++ b/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -44,7 +44,6 @@ public class Resources_zh_CN extends java.util.ListResourceBundle {
         {"provider.class.not.found", "\u672A\u627E\u5230\u63D0\u4F9B\u65B9 \"%s\""},
         {"jarsigner.error.", "jarsigner \u9519\u8BEF: "},
         {"Illegal.option.", "\u975E\u6CD5\u9009\u9879: "},
-        {"This.option.is.forremoval", "\u8BE5\u9009\u9879\u5DF2\u8FC7\u65F6\uFF0C\u5728\u5C06\u6765\u7684\u53D1\u884C\u7248\u4E2D\u5C06\u88AB\u5220\u9664\uFF1A"},
         {".keystore.must.be.NONE.if.storetype.is.{0}",
                 "\u5982\u679C -storetype \u4E3A {0}, \u5219 -keystore \u5FC5\u987B\u4E3A NONE"},
         {".keypass.can.not.be.specified.if.storetype.is.{0}",
@@ -97,10 +96,6 @@ public class Resources_zh_CN extends java.util.ListResourceBundle {
                 "[-tsapolicyid <oid>]        \u65F6\u95F4\u6233\u9881\u53D1\u673A\u6784\u7684 TSAPolicyID"},
         {".tsadigestalg.algorithm.of.digest.data.in.timestamping.request",
                 "[-tsadigestalg <\u7B97\u6CD5>]      \u65F6\u95F4\u6233\u8BF7\u6C42\u4E2D\u7684\u6458\u8981\u6570\u636E\u7684\u7B97\u6CD5"},
-        {".altsigner.class.class.name.of.an.alternative.signing.mechanism",
-                "[-altsigner <class>]        \u66FF\u4EE3\u7B7E\u540D\u673A\u5236\u7684\u7C7B\u540D\n                            \uFF08\u8BE5\u9009\u9879\u5DF2\u8FC7\u65F6\uFF0C\u5728\u5C06\u6765\u7684\u53D1\u884C\u7248\u4E2D\u5C06\u88AB\u5220\u9664\u3002\uFF09"},
-        {".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism",
-                "[-altsignerpath <pathlist>] \u66FF\u4EE3\u7B7E\u540D\u673A\u5236\u7684\u4F4D\u7F6E\n                            \uFF08\u8BE5\u9009\u9879\u5DF2\u8FC7\u65F6\uFF0C\u5728\u5C06\u6765\u7684\u53D1\u884C\u7248\u4E2D\u5C06\u88AB\u5220\u9664\u3002\uFF09"},
         {".internalsf.include.the.SF.file.inside.the.signature.block",
                 "[-internalsf]               \u5728\u7B7E\u540D\u5757\u5185\u5305\u542B .SF \u6587\u4EF6"},
         {".sectionsonly.don.t.compute.hash.of.entire.manifest",
@@ -236,8 +231,6 @@ public class Resources_zh_CN extends java.util.ListResourceBundle {
         {"or", "\u6216"},
         {"Certificate.not.found.for.alias.alias.must.reference.a.valid.KeyStore.entry.containing.an.X.509.public.key.certificate.for.the",
                 "\u627E\u4E0D\u5230{0}\u7684\u8BC1\u4E66\u3002{1}\u5FC5\u987B\u5F15\u7528\u5305\u542B\u65F6\u95F4\u6233\u9881\u53D1\u673A\u6784\u7684 X.509 \u516C\u5171\u5BC6\u94A5\u8BC1\u4E66\u7684\u6709\u6548\u5BC6\u94A5\u5E93\u6761\u76EE\u3002"},
-        {"using.an.alternative.signing.mechanism",
-                "\u6B63\u5728\u4F7F\u7528\u66FF\u4EE3\u7684\u7B7E\u540D\u673A\u5236"},
         {"entry.was.signed.on", "\u6761\u76EE\u7684\u7B7E\u540D\u65E5\u671F\u4E3A {0}"},
         {"Warning.", "\u8B66\u544A: "},
         {"Error.", "\u9519\u8BEF: "},
diff --git a/test/jdk/TEST.groups b/test/jdk/TEST.groups
index 412f574b1d4..f96bf1b0c02 100644
--- a/test/jdk/TEST.groups
+++ b/test/jdk/TEST.groups
@@ -1,4 +1,4 @@
-#  Copyright (c) 2013, 2022, Oracle and/or its affiliates. All rights reserved.
+#  Copyright (c) 2013, 2023, Oracle and/or its affiliates. All rights reserved.
 #  DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 #  This code is free software; you can redistribute it and/or modify it
@@ -217,7 +217,6 @@ jdk_security2 = \
 jdk_security3 = \
     javax/security  \
     -javax/security/auth/kerberos \
-    com/sun/jarsigner \
     com/sun/security \
     -com/sun/security/jgss \
     com/sun/org/apache/xml/internal/security \
diff --git a/test/jdk/com/sun/jarsigner/DefaultMethod.java b/test/jdk/com/sun/jarsigner/DefaultMethod.java
deleted file mode 100644
index db7a040b01d..00000000000
--- a/test/jdk/com/sun/jarsigner/DefaultMethod.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * @test
- * @bug 8039358
- * @summary com.sun.jarsigner.ContentSignerParameters.getTSAPolicyID() should be default
- * @modules jdk.jartool
- * @compile DefaultMethod.java
- */
-
-import com.sun.jarsigner.ContentSignerParameters;
-
-import java.net.URI;
-import java.security.cert.X509Certificate;
-import java.util.zip.ZipFile;
-
-public class DefaultMethod implements ContentSignerParameters {
-
-    @Override
-    public String[] getCommandLine() {
-        return new String[0];
-    }
-
-    @Override
-    public URI getTimestampingAuthority() {
-        return null;
-    }
-
-    @Override
-    public X509Certificate getTimestampingAuthorityCertificate() {
-        return null;
-    }
-
-    @Override
-    public byte[] getSignature() {
-        return new byte[0];
-    }
-
-    @Override
-    public String getSignatureAlgorithm() {
-        return null;
-    }
-
-    @Override
-    public X509Certificate[] getSignerCertificateChain() {
-        return new X509Certificate[0];
-    }
-
-    @Override
-    public byte[] getContent() {
-        return new byte[0];
-    }
-
-    @Override
-    public ZipFile getSource() {
-        return null;
-    }
-}
diff --git a/test/jdk/jdk/security/jarsigner/Spec.java b/test/jdk/jdk/security/jarsigner/Spec.java
index 0b41cc94be6..0e189babb8b 100644
--- a/test/jdk/jdk/security/jarsigner/Spec.java
+++ b/test/jdk/jdk/security/jarsigner/Spec.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -34,8 +34,6 @@
  * @run main/othervm Spec
  */
 
-import com.sun.jarsigner.ContentSigner;
-import com.sun.jarsigner.ContentSignerParameters;
 import jdk.security.jarsigner.JarSigner;
 import jdk.test.lib.util.JarUtils;
 import sun.security.provider.certpath.X509CertPath;
@@ -129,7 +127,6 @@ public class Spec {
         npe(()->b1.setProperty("sectionsonly", null));
         iae(()->b1.setProperty("sectionsonly", "OK"));
         npe(()->b1.setProperty("sectionsonly", null));
-        npe(()->b1.setProperty("altsigner", null));
         npe(()->b1.eventHandler(null));
 
         // default values
@@ -147,7 +144,6 @@ public class Spec {
         assertTrue(js2.getProperty("tsapolicyid") == null);
         assertTrue(js2.getProperty("internalsf").equals("false"));
         assertTrue(js2.getProperty("sectionsonly").equals("false"));
-        assertTrue(js2.getProperty("altsigner") == null);
         uoe(()->js2.getProperty("invalid"));
 
         // default values
@@ -163,7 +159,6 @@ public class Spec {
                 .setProperty("tsapolicyid", "1.2.3.4")
                 .setProperty("internalsf", "true")
                 .setProperty("sectionsonly", "true")
-                .setProperty("altsigner", "MyContentSigner")
                 .eventHandler(myeh);
         JarSigner js3 = b3.build();
 
@@ -175,8 +170,6 @@ public class Spec {
         assertTrue(js3.getProperty("tsapolicyid").equals("1.2.3.4"));
         assertTrue(js3.getProperty("internalsf").equals("true"));
         assertTrue(js3.getProperty("sectionsonly").equals("true"));
-        assertTrue(js3.getProperty("altsigner").equals("MyContentSigner"));
-        assertTrue(js3.getProperty("altsignerpath") == null);
 
         assertTrue(JarSigner.Builder.getDefaultDigestAlgorithm()
                 .equals("SHA-384"));
@@ -207,14 +200,6 @@ public class Spec {
         assertTrue(JarSigner.Builder
                 .getDefaultSignatureAlgorithm(kpg.generateKeyPair().getPrivate())
                 .equals("SHA512withECDSA"));
-
-        // altsigner does not support modern algorithms
-        JarSigner.Builder b4 = new JarSigner.Builder(
-                (PrivateKey)ks.getKey("e", pass),
-                CertificateFactory.getInstance("X.509")
-                        .generateCertPath(Arrays.asList(ks.getCertificateChain("e"))));
-        b4.setProperty("altsigner", "MyContentSigner");
-        iae(() -> b4.build());
     }
 
     interface RunnableWithException {
@@ -253,15 +238,4 @@ public class Spec {
     static void assertTrue(boolean x) throws Exception {
         if (!x) throw new Exception("Not true");
     }
-
-    static class MyContentSigner extends ContentSigner {
-        @Override
-        public byte[] generateSignedData(
-                ContentSignerParameters parameters,
-                boolean omitContent,
-                boolean applyTimestamp) throws NoSuchAlgorithmException,
-                CertificateException, IOException {
-            return new byte[0];
-        }
-    }
 }
diff --git a/test/jdk/sun/security/tools/jarsigner/Options.java b/test/jdk/sun/security/tools/jarsigner/Options.java
index ba03fd2c58f..1e5c4fedd3c 100644
--- a/test/jdk/sun/security/tools/jarsigner/Options.java
+++ b/test/jdk/sun/security/tools/jarsigner/Options.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,8 +31,6 @@
  *          java.base/sun.security.x509
  */
 
-import com.sun.jarsigner.ContentSigner;
-import com.sun.jarsigner.ContentSignerParameters;
 import jdk.test.lib.Asserts;
 import jdk.test.lib.SecurityTools;
 import jdk.test.lib.util.JarUtils;
@@ -52,19 +50,6 @@ public class Options {
 
     public static void main(String[] args) throws Exception {
 
-        // Help
-        boolean lastLineHasAltSigner = false;
-        for (String line : SecurityTools.jarsigner("--help").asLines()) {
-            if (line.contains("-altsigner")) {
-                lastLineHasAltSigner = true;
-            } else {
-                if (lastLineHasAltSigner) {
-                    Asserts.assertTrue(line.contains("deprecated and will be removed"));
-                }
-                lastLineHasAltSigner = false;
-            }
-        }
-
         // Prepares raw file
         Files.write(Path.of("a"), List.of("a"));
 
@@ -77,38 +62,6 @@ public class Options {
                         " CN=A -alias a -genkeypair -keyalg rsa")
                 .shouldHaveExitValue(0);
 
-        // -altsign
-        SecurityTools.jarsigner(
-                "-debug -signedjar altsign.jar -keystore jks -storepass changeit" +
-                        " -altsigner Options$X" +
-                        " -altsignerpath " + System.getProperty("test.classes") +
-                        " a.jar a")
-                .shouldContain("removed in a future release: -altsigner")
-                .shouldContain("removed in a future release: -altsignerpath")
-                .shouldContain("PKCS7.parse");  // signature not parseable
-                                                // but signing succeeds
-
-        try (JarFile jf = new JarFile("altsign.jar")) {
-            JarEntry je = jf.getJarEntry("META-INF/A.RSA");
-            try (InputStream is = jf.getInputStream(je)) {
-                if (!Arrays.equals(is.readAllBytes(), "1234".getBytes())) {
-                    throw new Exception("altsign go wrong");
-                }
-            }
-        }
-
-        // -altsign with no -altsignerpath
-        Files.copy(Path.of(System.getProperty("test.classes"), "Options$X.class"),
-                Path.of("Options$X.class"));
-        SecurityTools.jarsigner(
-                "-debug -signedjar altsign.jar -keystore jks -storepass changeit" +
-                        " -altsigner Options$X" +
-                        " a.jar a")
-                .shouldContain("removed in a future release: -altsigner")
-                .shouldNotContain("removed in a future release: -altsignerpath")
-                .shouldContain("PKCS7.parse");  // signature not parseable
-                                                // but signing succeeds
-
         // -sigfile, -digestalg, -sigalg, -internalsf, -sectionsonly
         SecurityTools.jarsigner(
                 "-debug -signedjar new.jar -keystore jks -storepass changeit" +
@@ -155,12 +108,4 @@ public class Options {
 
         // TSA-related ones are checked in ts.sh
     }
-
-    public static class X extends ContentSigner {
-        @Override
-        public byte[] generateSignedData(ContentSignerParameters parameters,
-                boolean omitContent, boolean applyTimestamp) {
-            return "1234".getBytes();
-        }
-    }
 }