RFR - 8132734: java.util.jar.* changes to support multi-release jar files

[Steve Drach]

>>> The jarsigner from jdk9/dev can not, giving me the error
>>> 
>>> jarsigner: unable to sign jar: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
>>> 
>>> I’m unsure what that means, and searching for it has not turned up anything useful except that it might be limited to Mac OS/X.  If anyone can help me here, I’d appreciate it.
>> 
>> This means it could not find a trusted root CA from the cacerts file to validate the certificate chain. By default, OpenJDK includes an empty cacerts file. You need to do a jdk9 build with the closed sources, as that is where the trusted roots are.
> 
> If this is the problem, I think it's a bug. When jarsigner is signing it uses a key pair inside a keystone specified by -keystore. I don't see a reason why cacerts must be populated.

I copied a cacerts file from an official Oracle early access release of JDK 9 and it started working.

> 
> Can you add a -debug option to show the full exception stack info? I even could not see how SSL is involved here.

Would you still like me to do this?