Nearly. This is actually not a JAR file that is signed, but its contents.
Technically, the individual files in the JAR archive that must be signed are hashed with a suitable hash function (for example, SHA-1). The hash value is specified in the manifest. Then an additional file (file *.SF) is added to the directory META-INF/; this file contains entries for each of the signed files: each entry contains the hash of the corresponding entry in the manifest (this is more or less a hash of the hash). *.SFalso contains an entry containing the hash of the main headers in the manifest. Finally, the file *.SFitself is signed, resulting in a file *.RSAor *.DSA(by itself in the directory META-INF/) that follows the CMS (formerly known as "PKCS # 7"). CMS relies on all the attributes of X.509 certificates.
. , JAR; JAR .