Do you actually need JAR signatures anyway? The JVM is bundled, it's not like you have to pass some system security policy beyond Gatekeeper/Windows code signing.