From cohei...@apache.org
Subject cxf git commit: Moving to Java8 DateTime for WS-Security
Date Mon, 13 Mar 2017 19:53:45 GMT
Repository: cxf
Updated Branches:
  refs/heads/master abfd5936f -> de61a48bf


Moving to Java8 DateTime for WS-Security


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/de61a48b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/de61a48b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/de61a48b

Branch: refs/heads/master
Commit: de61a48bf953950e16d67038247903b747c4e7ae
Parents: abfd593
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Mar 13 18:09:12 2017 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Mar 13 19:53:24 2017 +0000

----------------------------------------------------------------------
 .../policy/interceptors/STSInvoker.java         | 13 ++--
 .../SecureConversationInInterceptor.java        |  8 +--
 .../SpnegoContextTokenInInterceptor.java        |  9 +--
 .../ws/security/tokenstore/SecurityToken.java   | 72 +++++++-------------
 .../ws/security/trust/AbstractSTSClient.java    | 15 ++--
 .../cxf/ws/security/wss4j/WSS4JUtils.java       |  8 +--
 .../policyhandlers/AbstractBindingBuilder.java  |  8 +--
 .../AsymmetricBindingHandler.java               |  8 +--
 .../StaxSymmetricBindingHandler.java            |  8 +--
 .../policyhandlers/SymmetricBindingHandler.java | 23 +++----
 .../policyhandlers/TransportBindingHandler.java |  8 +--
 .../tokenstore/MemoryTokenStoreTest.java        |  6 +-
 .../org/apache/cxf/sts/cache/CacheUtils.java    |  4 +-
 .../cxf/sts/cache/HazelCastTokenStore.java      | 17 +++--
 .../cxf/sts/operation/AbstractOperation.java    | 22 +++---
 .../sts/token/provider/SAMLTokenProvider.java   | 14 ++--
 .../cxf/sts/token/provider/SCTProvider.java     | 17 +++--
 .../token/provider/TokenProviderResponse.java   | 52 ++++++--------
 .../token/provider/jwt/JWTTokenProvider.java    | 10 +--
 .../cxf/sts/token/renewer/SAMLTokenRenewer.java | 14 ++--
 .../sts/token/renewer/TokenRenewerResponse.java | 48 ++++---------
 .../sts/token/validator/SAMLTokenValidator.java | 11 +--
 .../cxf/sts/cache/HazelCastTokenStoreTest.java  | 11 ++-
 .../token/provider/JWTProviderLifetimeTest.java | 34 ++++-----
 .../token/provider/JWTTokenProviderTest.java    | 28 ++++----
 .../provider/SAMLProviderLifetimeTest.java      | 24 ++++---
 .../renewer/SAMLTokenRenewerLifetimeTest.java   | 16 +++--
 .../cxf/systest/sts/caching/CachingTest.java    |  7 +-
 .../sts/secure_conv/SCTSAMLTokenProvider.java   | 15 +---
 .../stsclient/STSTokenOutInterceptorTest.java   |  5 +-
 .../sts/stsclient/STSTokenRetrieverTest.java    |  5 +-
 31 files changed, 234 insertions(+), 306 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
index bbe164d..b8b520b 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
@@ -20,8 +20,8 @@
 package org.apache.cxf.ws.security.policy.interceptors;
 
 import java.security.NoSuchAlgorithmException;
+import java.time.ZonedDateTime;
 import java.util.Base64;
-import java.util.Date;
 import java.util.logging.Logger;
 
 import javax.xml.stream.XMLStreamException;
@@ -50,10 +50,10 @@ import org.apache.wss4j.common.derivedKey.P_SHA1;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.token.Reference;
 import org.apache.wss4j.common.token.SecurityTokenReference;
+import org.apache.wss4j.common.util.DateUtil;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.message.token.SecurityContextToken;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
-import org.apache.wss4j.dom.util.XmlSchemaDateFormat;
 
 /**
  * An abstract Invoker used by the Spnego and SecureConversationInInterceptors.
@@ -286,20 +286,19 @@ abstract class STSInvoker implements Invoker {
 
     void writeLifetime(
         W3CDOMStreamWriter writer,
-        Date created,
-        Date expires,
+        ZonedDateTime created,
+        ZonedDateTime expires,
         String prefix,
         String namespace
     ) throws Exception {
-        XmlSchemaDateFormat fmt = new XmlSchemaDateFormat();
         writer.writeStartElement(prefix, "Lifetime", namespace);
         writer.writeNamespace("wsu", WSConstants.WSU_NS);
         writer.writeStartElement("wsu", "Created", WSConstants.WSU_NS);
-        writer.writeCharacters(fmt.format(created.getTime()));
+        writer.writeCharacters(DateUtil.getDateTimeFormatter(true).format(created));
         writer.writeEndElement();
 
         writer.writeStartElement("wsu", "Expires", WSConstants.WSU_NS);
-        writer.writeCharacters(fmt.format(expires.getTime()));
+        writer.writeCharacters(DateUtil.getDateTimeFormatter(true).format(expires));
         writer.writeEndElement();
         writer.writeEndElement();
     }
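Review bot: `DateUtil.getDateTimeFormatter(true)` is looked up twice in `writeLifetime`, and the bare `true` gives no hint of what it selects. A local such as `DateTimeFormatter fmt = DateUtil.getDateTimeFormatter(true);` with a one-line comment on the flag would read better and mirror the removed `fmt` variable; the flag appears to choose the millisecond-precision format, which should be confirmed against WSS4J. Neither `created` nor `expires` is null-checked before formatting, so a token without a lifetime fails here with a NullPointerException, as it did in the old code. The double lookup also appears in `addLifetime` in the AbstractSTSClient hunk.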

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
index ae91d89..1611a97 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
@@ -19,10 +19,11 @@
 
 package org.apache.cxf.ws.security.policy.interceptors;
 
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
 import java.util.ArrayList;
 import java.util.Base64;
 import java.util.Collection;
-import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -375,9 +376,8 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa
                         .createSecureId("sctId-", sct.getElement()));
             }
 
-            Date created = new Date();
-            Date expires = new Date();
-            expires.setTime(created.getTime() + ttl);
+            ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC);
+            ZonedDateTime expires = created.plusSeconds(ttl / 1000L);
 
             SecurityToken token = new SecurityToken(sct.getIdentifier(), created, expires);
             token.setToken(sct.getElement());
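Review bot: `created.plusSeconds(ttl / 1000L)` integer-divides the millisecond lifetime, so any sub-second remainder is dropped and a configured lifetime below 1000 ms yields `expires` equal to `created`, a token that is expired as soon as it is stored. The removed `Date` arithmetic kept millisecond precision; `ZonedDateTime expires = created.plus(ttl, ChronoUnit.MILLIS);` (with `java.time.temporal.ChronoUnit` imported) preserves it. The same `/ 1000L` pattern recurs in the SpnegoContextTokenInInterceptor, WSS4JUtils, AbstractBindingBuilder, AsymmetricBindingHandler, StaxSymmetricBindingHandler, SymmetricBindingHandler (four places) and TransportBindingHandler hunks. The enclosing method starts and ends outside this hunk, so the unit of `ttl` is inferred from the removed lines.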

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
index 2a587c8..29350aa 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
@@ -19,9 +19,10 @@
 
 package org.apache.cxf.ws.security.policy.interceptors;
 
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
 import java.util.Base64;
 import java.util.Collection;
-import java.util.Date;
 
 import javax.security.auth.callback.CallbackHandler;
 
@@ -194,9 +195,9 @@ class SpnegoContextTokenInInterceptor extends AbstractPhaseInterceptor<SoapMessa
             sct.setID(wssConfig.getIdAllocator().createId("sctId-", sct));
 
             // Lifetime
-            Date created = new Date();
-            Date expires = new Date();
-            expires.setTime(created.getTime() + WSS4JUtils.getSecurityTokenLifetime(exchange.getOutMessage()));
+            ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC);
+            ZonedDateTime expires = 
+                created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(exchange.getOutMessage()) / 1000L);
 
             SecurityToken token = new SecurityToken(sct.getIdentifier(), created, expires);
             token.setToken(sct.getElement());

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
index 4da40f1..a2338b1 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
@@ -27,9 +27,9 @@ import java.io.StringReader;
 import java.security.Key;
 import java.security.Principal;
 import java.security.cert.X509Certificate;
-import java.text.DateFormat;
-import java.text.ParseException;
-import java.util.Date;
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
+import java.time.format.DateTimeParseException;
 import java.util.Map;
 
 import javax.xml.stream.XMLStreamException;
@@ -44,7 +44,6 @@ import org.apache.wss4j.common.token.Reference;
 import org.apache.wss4j.common.util.DOM2Writer;
 import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.util.XmlSchemaDateFormat;
 
 
 /**
@@ -126,12 +125,12 @@ public class SecurityToken implements Serializable {
     /**
      * Created time
      */
-    private Date created;
+    private ZonedDateTime created;
 
     /**
      * Expiration time
      */
-    private Date expires;
+    private ZonedDateTime expires;
 
     /**
      * Issuer end point address
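Review bot: Changing `created` and `expires` from `Date` to `ZonedDateTime` changes the serialized form of this `Serializable` class, and nothing in the hunk documents that. Token stores that persist or replicate `SecurityToken` instances (the commit also touches HazelCastTokenStore) may still hold entries written by the old class, and those will not deserialize cleanly after an upgrade unless the caches are flushed. If a `serialVersionUID` is declared outside this hunk, consider bumping it so the mismatch surfaces as a clear `InvalidClassException`. A field comment would also help, for example `// java.time type: serialized form differs from releases that stored java.util.Date`.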
@@ -180,30 +179,22 @@ public class SecurityToken implements Serializable {
         this.id = XMLUtils.getIDFromReference(id);
     }
 
-    public SecurityToken(String id, Date created, Date expires) {
+    public SecurityToken(String id, ZonedDateTime created, ZonedDateTime expires) {
         this.id = XMLUtils.getIDFromReference(id);
 
-        if (created != null) {
-            this.created = new Date(created.getTime());
-        }
-        if (expires != null) {
-            this.expires = new Date(expires.getTime());
-        }
+        this.created = created;
+        this.expires = expires;
     }
 
     public SecurityToken(String id,
                  Element tokenElem,
-                 Date created,
-                 Date expires) {
+                 ZonedDateTime created,
+                 ZonedDateTime expires) {
         this.id = XMLUtils.getIDFromReference(id);
 
         this.token = cloneElement(tokenElem);
-        if (created != null) {
-            this.created = new Date(created.getTime());
-        }
-        if (expires != null) {
-            this.expires = new Date(expires.getTime());
-        }
+        this.created = created;
+        this.expires = expires;
     }
 
     public SecurityToken(String id,
@@ -238,16 +229,14 @@ public class SecurityToken implements Serializable {
                 DOMUtils.getFirstChildWithName(lifetimeElem,
                                                 WSConstants.WSU_NS,
                                                 WSConstants.CREATED_LN);
-            DateFormat zulu = new XmlSchemaDateFormat();
-
-            this.created = zulu.parse(DOMUtils.getContent(createdElem));
+            this.created = ZonedDateTime.parse(DOMUtils.getContent(createdElem));
 
             Element expiresElem =
                 DOMUtils.getFirstChildWithName(lifetimeElem,
                                                 WSConstants.WSU_NS,
                                                 WSConstants.EXPIRES_LN);
-            this.expires = zulu.parse(DOMUtils.getContent(expiresElem));
-        } catch (ParseException e) {
+            this.expires = ZonedDateTime.parse(DOMUtils.getContent(expiresElem));
+        } catch (DateTimeParseException e) {
             //shouldn't happen
         }
     }
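Review bot: The `catch (DateTimeParseException e)` block still swallows the failure behind `//shouldn't happen`, but with `ZonedDateTime.parse` it can happen: the default ISO formatter requires an offset or zone, so a `wsu:Created` or `wsu:Expires` value without one is rejected. In that case `expires` stays null, and the `isExpired()` hunk further down only reports expiry when `expires != null`, so a token whose lifetime could not be parsed appears to be treated as never expiring. A missing Created or Expires child may also reach `parse` as null and throw a NullPointerException that this catch does not cover, depending on what `DOMUtils.getContent` returns (not visible here). I would fail closed instead of ignoring it, for example `throw new IllegalArgumentException("Unparseable Lifetime in security token", e);`, or at least log the offending value. The constructor starts outside this hunk.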
@@ -359,21 +348,15 @@ public class SecurityToken implements Serializable {
     /**
      * @return Returns the created.
      */
-    public Date getCreated() {
-        if (created == null) {
-            return null;
-        }
-        return (Date)created.clone();
+    public ZonedDateTime getCreated() {
+        return created;
     }
 
     /**
      * @return Returns the expires.
      */
-    public Date getExpires() {
-        if (expires == null) {
-            return null;
-        }
-        return (Date)expires.clone();
+    public ZonedDateTime getExpires() {
+        return expires;
     }
 
     /**
@@ -381,8 +364,8 @@ public class SecurityToken implements Serializable {
      */
     public boolean isExpired() {
         if (expires != null) {
-            Date rightNow = new Date();
-            if (expires.before(rightNow)) {
+            ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
+            if (expires.isBefore(now)) {
                 return true;
             }
         }
@@ -394,9 +377,8 @@ public class SecurityToken implements Serializable {
      */
     public boolean isAboutToExpire(long secondsToExpiry) {
         if (expires != null && secondsToExpiry > 0) {
-            Date rightNow = new Date();
-            rightNow.setTime(rightNow.getTime() + (secondsToExpiry * 1000L));
-            if (expires.before(rightNow)) {
+            ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC).plusSeconds(secondsToExpiry);
+            if (expires.isBefore(now)) {
                 return true;
             }
         }
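Review bot: The local `now` in `isAboutToExpire` no longer holds the current time but the current time plus `secondsToExpiry`, which makes `expires.isBefore(now)` read like the plain expiry check in `isExpired()`. Naming it for what it is, for example `ZonedDateTime threshold = ZonedDateTime.now(ZoneOffset.UTC).plusSeconds(secondsToExpiry);`, keeps the two methods distinguishable. The method's closing lines are outside this hunk.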
@@ -406,12 +388,8 @@ public class SecurityToken implements Serializable {
     /**
      * @param expires The expires to set.
      */
-    public void setExpires(Date expires) {
-        if (expires == null) {
-            this.expires = null;
-        } else {
-            this.expires = new Date(expires.getTime());
-        }
+    public void setExpires(ZonedDateTime expires) {
+        this.expires = expires;
     }
 
     public String getIssuerAddress() {

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
index 7615348..592c7e2 100755
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
@@ -24,9 +24,10 @@ import java.io.StringReader;
 import java.net.URL;
 import java.security.PublicKey;
 import java.security.cert.X509Certificate;
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
 import java.util.ArrayList;
 import java.util.Base64;
-import java.util.Date;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
@@ -119,6 +120,7 @@ import org.apache.wss4j.common.crypto.PasswordEncryptor;
 import org.apache.wss4j.common.derivedKey.P_SHA1;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.token.Reference;
+import org.apache.wss4j.common.util.DateUtil;
 import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSDocInfo;
@@ -128,7 +130,6 @@ import org.apache.wss4j.dom.handler.RequestData;
 import org.apache.wss4j.dom.processor.EncryptedKeyProcessor;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.wss4j.dom.util.X509Util;
-import org.apache.wss4j.dom.util.XmlSchemaDateFormat;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.SPConstants.SPVersion;
 import org.apache.wss4j.policy.model.AbstractBinding;
@@ -1375,19 +1376,17 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
     }
 
     protected void addLifetime(XMLStreamWriter writer) throws XMLStreamException {
-        Date creationTime = new Date();
-        Date expirationTime = new Date();
-        expirationTime.setTime(creationTime.getTime() + ((long)ttl * 1000L));
+        ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC);
+        ZonedDateTime expires = created.plusSeconds(ttl);
 
-        XmlSchemaDateFormat fmt = new XmlSchemaDateFormat();
         writer.writeStartElement("wst", "Lifetime", namespace);
         writer.writeNamespace("wsu", WSConstants.WSU_NS);
         writer.writeStartElement("wsu", "Created", WSConstants.WSU_NS);
-        writer.writeCharacters(fmt.format(creationTime));
+        writer.writeCharacters(DateUtil.getDateTimeFormatter(true).format(created));
         writer.writeEndElement();
 
         writer.writeStartElement("wsu", "Expires", WSConstants.WSU_NS);
-        writer.writeCharacters(fmt.format(expirationTime));
+        writer.writeCharacters(DateUtil.getDateTimeFormatter(true).format(expires));
         writer.writeEndElement();
         writer.writeEndElement();
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
index 920c798..9551fb3 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
@@ -23,7 +23,8 @@ import java.io.InputStream;
 import java.net.URL;
 import java.security.Key;
 import java.security.cert.X509Certificate;
-import java.util.Date;
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
@@ -161,9 +162,8 @@ public final class WSS4JUtils {
         }
         SecurityToken existingToken = TokenStoreUtils.getTokenStore(message).getToken(securityToken.getId());
         if (existingToken == null || existingToken.isExpired()) {
-            Date created = new Date();
-            Date expires = new Date();
-            expires.setTime(created.getTime() + getSecurityTokenLifetime(message));
+            ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC);
+            ZonedDateTime expires = created.plusSeconds(getSecurityTokenLifetime(message) / 1000L); 
 
             SecurityToken cachedTok = new SecurityToken(securityToken.getId(), created, expires);
             cachedTok.setSHA1(securityToken.getSha1Identifier());

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 6144a4f..e2d77a8 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -21,10 +21,11 @@ package org.apache.cxf.ws.security.wss4j.policyhandlers;
 
 import java.net.URL;
 import java.security.cert.X509Certificate;
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
-import java.util.Date;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
@@ -1930,9 +1931,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
                 WSSecUsernameToken utBuilder = (WSSecUsernameToken)tempTok;
                 String id = utBuilder.getId();
 
-                Date created = new Date();
-                Date expires = new Date();
-                expires.setTime(created.getTime() + WSS4JUtils.getSecurityTokenLifetime(message));
+                ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC);
+                ZonedDateTime expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
                 SecurityToken secToken =
                     new SecurityToken(id, utBuilder.getUsernameTokenElement(), created, expires);
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index ae4447e..f24465d 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -21,9 +21,10 @@ package org.apache.cxf.ws.security.wss4j.policyhandlers;
 
 import java.security.PublicKey;
 import java.security.cert.X509Certificate;
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.Date;
 import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -814,9 +815,8 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
                 String id = (String)wser.get(WSSecurityEngineResult.TAG_ID);
                 if (actInt.intValue() == WSConstants.ST_SIGNED
                     || actInt.intValue() == WSConstants.ST_UNSIGNED) {
-                    Date created = new Date();
-                    Date expires = new Date();
-                    expires.setTime(created.getTime() + WSS4JUtils.getSecurityTokenLifetime(message));
+                    ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC);
+                    ZonedDateTime expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
                     SecurityToken tempTok = new SecurityToken(id, created, expires);
                     tempTok.setSecret((byte[])wser.get(WSSecurityEngineResult.TAG_SECRET));
                     tempTok.setX509Certificate(

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
index bd4b807..6707136 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
@@ -19,8 +19,9 @@
 
 package org.apache.cxf.ws.security.wss4j.policyhandlers;
 
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
 import java.util.ArrayList;
-import java.util.Date;
 import java.util.List;
 
 import javax.crypto.KeyGenerator;
@@ -600,9 +601,8 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler {
 
     private String setupEncryptedKey(AbstractTokenWrapper wrapper, AbstractToken sigToken) throws WSSecurityException {
 
-        Date created = new Date();
-        Date expires = new Date();
-        expires.setTime(created.getTime() + WSS4JUtils.getSecurityTokenLifetime(message));
+        ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC);
+        ZonedDateTime expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
         SecurityToken tempTok =
             new SecurityToken(IDGenerator.generateID(null), created, expires);
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 9c6dca2..bfe8491 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -19,9 +19,10 @@
 
 package org.apache.cxf.ws.security.wss4j.policyhandlers;
 
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
 import java.util.ArrayList;
 import java.util.Base64;
-import java.util.Date;
 import java.util.List;
 import java.util.logging.Level;
 
@@ -920,9 +921,8 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
         String id = encrKey.getId();
         byte[] secret = encrKey.getEphemeralKey();
 
-        Date created = new Date();
-        Date expires = new Date();
-        expires.setTime(created.getTime() + WSS4JUtils.getSecurityTokenLifetime(message));
+        ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC);
+        ZonedDateTime expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
         SecurityToken tempTok = new SecurityToken(
                         id,
                         encrKey.getEncryptedKeyElement(),
@@ -965,9 +965,8 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
         String id = usernameToken.getId();
         byte[] secret = usernameToken.getDerivedKey();
 
-        Date created = new Date();
-        Date expires = new Date();
-        expires.setTime(created.getTime() + WSS4JUtils.getSecurityTokenLifetime(message));
+        ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC);
+        ZonedDateTime expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
         SecurityToken tempTok =
             new SecurityToken(id, usernameToken.getUsernameTokenElement(), created, expires);
         tempTok.setSecret(secret);
@@ -981,9 +980,8 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
         WSSecurityEngineResult encryptedKeyResult = getEncryptedKeyResult();
         if (encryptedKeyResult != null) {
             // Store it in the cache
-            Date created = new Date();
-            Date expires = new Date();
-            expires.setTime(created.getTime() + WSS4JUtils.getSecurityTokenLifetime(message));
+            ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC);
+            ZonedDateTime expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
 
             String encryptedKeyID = (String)encryptedKeyResult.get(WSSecurityEngineResult.TAG_ID);
             SecurityToken securityToken = new SecurityToken(encryptedKeyID, created, expires);
@@ -1012,9 +1010,8 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
                     if (utID == null || utID.length() == 0) {
                         utID = wssConfig.getIdAllocator().createId("UsernameToken-", null);
                     }
-                    Date created = new Date();
-                    Date expires = new Date();
-                    expires.setTime(created.getTime() + WSS4JUtils.getSecurityTokenLifetime(message));
+                    ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC);
+                    ZonedDateTime expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
                     SecurityToken securityToken = new SecurityToken(utID, created, expires);
 
                     byte[] secret = (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET);

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index dea5d91..1d42a17 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -19,9 +19,10 @@
 
 package org.apache.cxf.ws.security.wss4j.policyhandlers;
 
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.Date;
 import java.util.List;
 import java.util.logging.Level;
 
@@ -328,9 +329,8 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
             String id = usernameToken.getId();
             byte[] secret = usernameToken.getDerivedKey();
 
-            Date created = new Date();
-            Date expires = new Date();
-            expires.setTime(created.getTime() + WSS4JUtils.getSecurityTokenLifetime(message));
+            ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC);
+            ZonedDateTime expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
             SecurityToken tempTok =
                 new SecurityToken(id, usernameToken.getUsernameTokenElement(), created, expires);
             tempTok.setSecret(secret);

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStoreTest.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStoreTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStoreTest.java
index 36cb32a..9a93f81 100644
--- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStoreTest.java
+++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStoreTest.java
@@ -18,7 +18,8 @@
  */
 package org.apache.cxf.ws.security.tokenstore;
 
-import java.util.Date;
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
 
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageImpl;
@@ -75,8 +76,7 @@ public class MemoryTokenStoreTest extends org.junit.Assert {
     public void testTokenExpiry() {
         SecurityToken token = new SecurityToken();
 
-        Date expires = new Date();
-        expires.setTime(expires.getTime() + (5L * 60L * 1000L));
+        ZonedDateTime expires = ZonedDateTime.now(ZoneOffset.UTC).plusMinutes(5L);
         token.setExpires(expires);
 
         assertFalse(token.isExpired());

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/CacheUtils.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/CacheUtils.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/CacheUtils.java
index 36f5eaa..bd34aac 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/CacheUtils.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/CacheUtils.java
@@ -20,8 +20,8 @@
 package org.apache.cxf.sts.cache;
 
 import java.security.Principal;
+import java.time.ZonedDateTime;
 import java.util.Arrays;
-import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -40,7 +40,7 @@ public final class CacheUtils {
     public static SecurityToken createSecurityTokenForStorage(
         Element token,
         String tokenIdentifier,
-        Date expiry,
+        ZonedDateTime expiry,
         Principal principal,
         String realm,
         Renewing renewing

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCastTokenStore.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCastTokenStore.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCastTokenStore.java
index 629292a..57390e5 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCastTokenStore.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCastTokenStore.java
@@ -19,8 +19,10 @@
 
 package org.apache.cxf.sts.cache;
 
+import java.time.Duration;
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
 import java.util.Collection;
-import java.util.Date;
 import java.util.concurrent.TimeUnit;
 
 import com.hazelcast.core.Hazelcast;
@@ -125,15 +127,16 @@ public class HazelCastTokenStore implements TokenStore {
     private int getTTL(SecurityToken token) {
         int parsedTTL = 0;
         if (token.getExpires() != null) {
-            Date expires = token.getExpires();
-            Date current = new Date();
-            long expiryTime = (expires.getTime() - current.getTime()) / 1000L;
-            if (expiryTime < 0) {
+            ZonedDateTime expires = token.getExpires();
+            ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
+            if (expires.isBefore(now)) {
                 return 0;
             }
+            
+            Duration duration = Duration.between(now, expires);
 
-            parsedTTL = (int)expiryTime;
-            if (expiryTime != (long)parsedTTL || parsedTTL > MAX_TTL) {
+            parsedTTL = (int)duration.getSeconds();
+            if (duration.getSeconds() != (long)parsedTTL || parsedTTL > MAX_TTL) {
                 // Default to configured value
                 parsedTTL = (int)ttl;
                 if (ttl != (long)parsedTTL) {
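Review bot: `duration.getSeconds()` is read twice around the narrowing cast at the `parsedTTL` assignment; holding it once, `long secondsLeft = Duration.between(now, expires).getSeconds();`, makes the overflow comparison easier to follow. A token that expires less than one second from now also produces a TTL of 0, the same value as the `return 0` for an already expired token. How the caller treats a zero TTL is not visible in this hunk, so a comment on `return 0` stating the intended meaning (for example `// 0 = already expired, caller must not store the token`) would help, if that is indeed the contract. getTTL continues past the end of the hunk.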

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
index f7ec29b..6730010 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
@@ -20,8 +20,9 @@
 package org.apache.cxf.sts.operation;
 
 import java.security.Principal;
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
 import java.util.ArrayList;
-import java.util.Date;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -73,10 +74,10 @@ import org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferen
 import org.apache.cxf.ws.security.sts.provider.model.utility.AttributedDateTime;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.DateUtil;
 import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.message.WSSecEncryptedKey;
-import org.apache.wss4j.dom.util.XmlSchemaDateFormat;
 import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
 import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
@@ -289,25 +290,24 @@ public abstract class AbstractOperation {
      * Create a LifetimeType object given a created + expires Dates
      */
     protected static LifetimeType createLifetime(
-        Date tokenCreated, Date tokenExpires
+        ZonedDateTime tokenCreated, ZonedDateTime tokenExpires
     ) {
         AttributedDateTime created = QNameConstants.UTIL_FACTORY.createAttributedDateTime();
         AttributedDateTime expires = QNameConstants.UTIL_FACTORY.createAttributedDateTime();
 
-        Date creationTime = tokenCreated;
+        ZonedDateTime creationTime = tokenCreated;
+        ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
         if (creationTime == null) {
-            creationTime = new Date();
+            creationTime = now;
         }
-        Date expirationTime = tokenExpires;
+        ZonedDateTime expirationTime = tokenExpires;
         if (expirationTime == null) {
-            expirationTime = new Date();
             long lifeTimeOfToken = 300L;
-            expirationTime.setTime(creationTime.getTime() + (lifeTimeOfToken * 1000L));
+            expirationTime = now.plusSeconds(lifeTimeOfToken);
         }
 
-        XmlSchemaDateFormat fmt = new XmlSchemaDateFormat();
-        created.setValue(fmt.format(creationTime));
-        expires.setValue(fmt.format(expirationTime));
+        created.setValue(DateUtil.getDateTimeFormatter(true).format(creationTime));
+        expires.setValue(DateUtil.getDateTimeFormatter(true).format(expirationTime));
         if (LOG.isLoggable(Level.FINE)) {
             LOG.fine("Token lifetime creation: " + created.getValue());
             LOG.fine("Token lifetime expiration: " + expires.getValue());
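Review bot: In the `expirationTime == null` branch the default expiry is now derived from `now` instead of from `creationTime`, so a caller that passes `tokenCreated` without `tokenExpires` no longer gets a lifetime of 300 seconds counted from the creation time, as the removed `creationTime.getTime() + (lifeTimeOfToken * 1000L)` did. `expirationTime = creationTime.plusSeconds(lifeTimeOfToken);` restores that, and `now` can then be created only inside the `creationTime == null` branch. The Javadoc above the method still speaks of "created + expires Dates" and could name `ZonedDateTime`. The method body continues outside the hunk.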

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
index 310a9a1..10fe618 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
@@ -19,6 +19,8 @@
 
 package org.apache.cxf.sts.token.provider;
 
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
@@ -121,16 +123,10 @@ public class SAMLTokenProvider extends AbstractSAMLTokenProvider implements Toke
             byte[] signatureValue = assertion.getSignatureValue();
             if (tokenParameters.getTokenStore() != null && signatureValue != null
                 && signatureValue.length > 0) {
-                DateTime validTill = null;
-                if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
-                    validTill = assertion.getSaml2().getConditions().getNotOnOrAfter();
-                } else {
-                    validTill = assertion.getSaml1().getConditions().getNotOnOrAfter();
-                }
 
                 SecurityToken securityToken =
                     CacheUtils.createSecurityTokenForStorage(token, assertion.getId(),
-                        validTill.toDate(), tokenParameters.getPrincipal(), tokenParameters.getRealm(),
+                        assertion.getNotOnOrAfter(), tokenParameters.getPrincipal(), tokenParameters.getRealm(),
                         tokenParameters.getTokenRequirements().getRenewing());
                 CacheUtils.storeTokenInCache(
                     securityToken, tokenParameters.getTokenStore(), signatureValue);
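Review bot: `assertion.getNotOnOrAfter()` is handed to `CacheUtils.createSecurityTokenForStorage` without a null check, where the removed `validTill.toDate()` path would have failed on an assertion lacking Conditions or NotOnOrAfter. If the wrapper accessor returns null in that case (its contract is not visible here), the token would be cached with no expiry, so either guard it or add a comment such as `// expiry may be null; the token store then falls back to its default TTL`, if that is the intended behaviour. The same call appears in the SAMLTokenRenewer and SAMLTokenValidator hunks further down. The blank line now left directly after the `if` condition can be dropped. The enclosing method starts and ends outside this hunk.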
@@ -164,8 +160,8 @@ public class SAMLTokenProvider extends AbstractSAMLTokenProvider implements Toke
                 validFrom = assertion.getSaml1().getConditions().getNotBefore();
                 validTill = assertion.getSaml1().getConditions().getNotOnOrAfter();
             }
-            response.setCreated(validFrom.toDate());
-            response.setExpires(validTill.toDate());
+            response.setCreated(ZonedDateTime.ofInstant(validFrom.toDate().toInstant(), ZoneOffset.UTC));
+            response.setExpires(ZonedDateTime.ofInstant(validTill.toDate().toInstant(), ZoneOffset.UTC));
 
             response.setEntropy(entropyBytes);
             if (keySize > 0) {
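Review bot: Both setter lines convert Joda `DateTime` to `java.util.Date` and then to `Instant` (`validFrom.toDate().toInstant()`), which keeps a `Date` round trip in a change meant to move away from it. `Instant.ofEpochMilli(validFrom.getMillis()).atZone(ZoneOffset.UTC)` states the conversion directly (it needs a `java.time.Instant` import), and the same applies to `validTill`. Both calls also dereference `validFrom` and `validTill` without a null check, as the removed lines did. The identical pair of lines is added in the SAMLTokenRenewer hunk below. The enclosing block starts above the hunk.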

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
index 11fa8b7..538119a 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
@@ -19,7 +19,8 @@
 
 package org.apache.cxf.sts.token.provider;
 
-import java.util.Date;
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.logging.Level;
@@ -134,17 +135,15 @@ public class SCTProvider implements TokenProvider {
             response.setComputedKey(keyHandler.isComputedKey());
 
             // putting the secret key into the cache
-            Date currentDate = new Date();
-            response.setCreated(currentDate);
-            Date expires = null;
+            ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC);
+            response.setCreated(created);
+            ZonedDateTime expires = null;
             if (lifetime > 0) {
-                expires = new Date();
-                long currentTime = currentDate.getTime();
-                expires.setTime(currentTime + (lifetime * 1000L));
+                expires = created.plusSeconds(lifetime);
+                response.setExpires(expires);
             }
-            response.setExpires(expires);
 
-            SecurityToken token = new SecurityToken(sct.getIdentifier(), currentDate, expires);
+            SecurityToken token = new SecurityToken(sct.getIdentifier(), created, expires);
             token.setSecret(keyHandler.getSecret());
             token.setPrincipal(tokenParameters.getPrincipal());
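Review bot: When `lifetime` is not positive, `expires` stays null and the `SecurityToken` that receives `keyHandler.getSecret()` is constructed without an expiry. The removed code behaved the same way, but because `response.setExpires(expires)` now sits inside the `if`, the null case is easy to overlook. Whether the token store bounds such an entry is not visible here, so a comment on the `if`, for example `// lifetime <= 0: response and cached token carry no expiry`, would document the intent. The existing comment "putting the secret key into the cache" now sits above the timestamp calculation and would read better directly above the `SecurityToken` construction. The enclosing method starts and ends outside this hunk.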
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderResponse.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderResponse.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderResponse.java
index d09f5d2..feeee68 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderResponse.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderResponse.java
@@ -19,7 +19,7 @@
 
 package org.apache.cxf.sts.token.provider;
 
-import java.util.Date;
+import java.time.ZonedDateTime;
 
 /**
  * This class encapsulates the response from a TokenProvider instance after creating a token.
@@ -33,8 +33,8 @@ public class TokenProviderResponse {
     private boolean computedKey;
     private TokenReference attachedReference;
     private TokenReference unAttachedReference;
-    private Date created;
-    private Date expires;
+    private ZonedDateTime created;
+    private ZonedDateTime expires;
 
     /**
      * Return true if the entropy represents a Computed Key.
@@ -145,49 +145,35 @@ public class TokenProviderResponse {
     }
 
     /**
-     * Get the Date that this Token was Created
-     * @return the Date that this Token was Created
+     * Get the ZonedDateTime that this Token was Created
+     * @return the ZonedDateTime that this Token was Created
      */
-    public Date getCreated() {
-        if (created != null) {
-            return new Date(created.getTime());
-        }
-        return null;
+    public ZonedDateTime getCreated() {
+        return created;
     }
 
     /**
-     * Set the Date that this Token was Created
-     * @param created the Date that this Token was Created
+     * Set the ZonedDateTime that this Token was Created
+     * @param created the ZonedDateTime that this Token was Created
      */
-    public void setCreated(Date created) {
-        if (created != null) {
-            this.created = new Date(created.getTime());
-        } else {
-            this.created = null;
-        }
+    public void setCreated(ZonedDateTime created) {
+        this.created = created;
     }
 
     /**
-     * Get the Date that this Token expires
-     * @return the Date that this Token expires
+     * Get the ZonedDateTime that this Token expires
+     * @return the ZonedDateTime that this Token expires
      */
-    public Date getExpires() {
-        if (expires != null) {
-            return new Date(expires.getTime());
-        }
-        return null;
+    public ZonedDateTime getExpires() {
+        return expires;
     }
 
     /**
-     * Set the Date that this Token expires
-     * @param expires the Date that this Token expires
+     * Set the ZonedDateTime that this Token expires
+     * @param expires the ZonedDateTime that this Token expires
      */
-    public void setExpires(Date expires) {
-        if (expires != null) {
-            this.expires = new Date(expires.getTime());
-        } else {
-            this.expires = null;
-        }
+    public void setExpires(ZonedDateTime expires) {
+        this.expires = expires;
     }
 
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java
index 233d37a..2583d32 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java
@@ -20,8 +20,10 @@
 package org.apache.cxf.sts.token.provider.jwt;
 
 import java.security.KeyStore;
+import java.time.Instant;
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
 import java.util.Collections;
-import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Properties;
@@ -131,11 +133,11 @@ public class JWTTokenProvider implements TokenProvider {
             response.setTokenId(claims.getTokenId());
 
             if (claims.getIssuedAt() > 0) {
-                response.setCreated(new Date(claims.getIssuedAt() * 1000L));
+                response.setCreated(Instant.ofEpochMilli(claims.getIssuedAt() * 1000L).atZone(ZoneOffset.UTC));
             }
-            Date expires = null;
+            ZonedDateTime expires = null;
             if (claims.getExpiryTime() > 0) {
-                expires = new Date(claims.getExpiryTime() * 1000L);
+                expires = Instant.ofEpochMilli(claims.getExpiryTime() * 1000L).atZone(ZoneOffset.UTC);
                 response.setExpires(expires);
             }
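Review bot: `Instant.ofEpochMilli(claims.getIssuedAt() * 1000L)` scales the claim from seconds to milliseconds only for `Instant` to split it back into seconds. `Instant.ofEpochSecond(claims.getIssuedAt()).atZone(ZoneOffset.UTC)` expresses the same value without the multiplication, and the `expires` line can use `Instant.ofEpochSecond(claims.getExpiryTime())` likewise. The enclosing method continues outside the hunk.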
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
index fb7906a..228b95b 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
@@ -21,6 +21,8 @@ package org.apache.cxf.sts.token.renewer;
 
 import java.security.Principal;
 import java.security.cert.Certificate;
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
@@ -225,8 +227,8 @@ public class SAMLTokenRenewer extends AbstractSAMLTokenProvider implements Token
                 validFrom = renewedAssertion.getSaml1().getConditions().getNotBefore();
                 validTill = renewedAssertion.getSaml1().getConditions().getNotOnOrAfter();
             }
-            response.setCreated(validFrom.toDate());
-            response.setExpires(validTill.toDate());
+            response.setCreated(ZonedDateTime.ofInstant(validFrom.toDate().toInstant(), ZoneOffset.UTC));
+            response.setExpires(ZonedDateTime.ofInstant(validTill.toDate().toInstant(), ZoneOffset.UTC));
 
             LOG.fine("SAML Token successfully renewed");
             return response;
@@ -518,16 +520,10 @@ public class SAMLTokenRenewer extends AbstractSAMLTokenProvider implements Token
         // Store the successfully renewed token in the cache
         byte[] signatureValue = assertion.getSignatureValue();
         if (tokenStore != null && signatureValue != null && signatureValue.length > 0) {
-            DateTime validTill = null;
-            if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
-                validTill = assertion.getSaml2().getConditions().getNotOnOrAfter();
-            } else {
-                validTill = assertion.getSaml1().getConditions().getNotOnOrAfter();
-            }
 
             SecurityToken securityToken =
                 CacheUtils.createSecurityTokenForStorage(assertion.getElement(), assertion.getId(),
-                    validTill.toDate(), tokenParameters.getPrincipal(), tokenParameters.getRealm(),
+                    assertion.getNotOnOrAfter(), tokenParameters.getPrincipal(), tokenParameters.getRealm(),
                     tokenParameters.getTokenRequirements().getRenewing());
             CacheUtils.storeTokenInCache(
                 securityToken, tokenParameters.getTokenStore(), signatureValue);

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/TokenRenewerResponse.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/TokenRenewerResponse.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/TokenRenewerResponse.java
index de6d687..b310828 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/TokenRenewerResponse.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/TokenRenewerResponse.java
@@ -18,7 +18,7 @@
  */
 package org.apache.cxf.sts.token.renewer;
 
-import java.util.Date;
+import java.time.ZonedDateTime;
 
 import org.w3c.dom.Element;
 import org.apache.cxf.sts.token.provider.TokenReference;
@@ -33,9 +33,8 @@ public class TokenRenewerResponse {
     private String tokenId;
     private TokenReference attachedReference;
     private TokenReference unAttachedReference;
-    private Date created;
-    private Date expires;
-    private long lifetime;
+    private ZonedDateTime created;
+    private ZonedDateTime expires;
 
     /**
      * Set the token
@@ -102,53 +101,36 @@ public class TokenRenewerResponse {
     }
 
     /**
-     * Get the Date that this Token was Created
-     * @return the Date that this Token was Created
+     * Get the ZonedDateTime that this Token was Created
+     * @return the ZonedDateTime that this Token was Created
      */
-    public Date getCreated() {
+    public ZonedDateTime getCreated() {
         return created;
     }
 
     /**
-     * Set the Date that this Token was Created
-     * @param created the Date that this Token was Created
+     * Set the ZonedDateTime that this Token was Created
+     * @param created the ZonedDateTime that this Token was Created
      */
-    public void setCreated(Date created) {
+    public void setCreated(ZonedDateTime created) {
         this.created = created;
     }
 
     /**
-     * Get the Date that this Token expires
-     * @return the Date that this Token expires
+     * Get the ZonedDateTime that this Token expires
+     * @return the ZonedDateTime that this Token expires
      */
-    public Date getExpires() {
+    public ZonedDateTime getExpires() {
         return expires;
     }
 
     /**
-     * Set the Date that this Token expires
-     * @param expires the Date that this Token expires
+     * Set the ZonedDateTime that this Token expires
+     * @param expires the ZonedDateTime that this Token expires
      */
-    public void setExpires(Date expires) {
+    public void setExpires(ZonedDateTime expires) {
         this.expires = expires;
     }
 
-    /**
-     * Set the lifetime of the Token to be returned in seconds.
-     * @deprecated use setCreated/setExpires instead
-     * @param lifetime the lifetime of the Token to be returned in seconds
-     */
-    public void setLifetime(long lifetime) {
-        this.lifetime = lifetime;
-    }
-
-    /**
-     * Get the lifetime of the Token to be returned in seconds
-     * @deprecated use getCreated/getExpires instead
-     * @return the lifetime of the Token to be returned in seconds
-     */
-    public long getLifetime() {
-        return lifetime;
-    }
 
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
index a915b6b..47ceece 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java
@@ -327,17 +327,10 @@ public class SAMLTokenValidator implements TokenValidator {
         // Store the successfully validated token in the cache
         byte[] signatureValue = assertion.getSignatureValue();
         if (tokenStore != null && signatureValue != null && signatureValue.length > 0) {
-            DateTime validTill = null;
-            if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
-                validTill = assertion.getSaml2().getConditions().getNotOnOrAfter();
-            } else {
-                validTill = assertion.getSaml1().getConditions().getNotOnOrAfter();
-            }
-
+            
             SecurityToken securityToken =
                 CacheUtils.createSecurityTokenForStorage(assertion.getElement(), assertion.getId(),
-                    validTill.toDate(), principal, tokenRealm,
-                    null);
+                                                         assertion.getNotOnOrAfter(), principal, tokenRealm, null);
             CacheUtils.storeTokenInCache(securityToken, tokenStore, signatureValue);
         }
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/HazelCastTokenStoreTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/HazelCastTokenStoreTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/HazelCastTokenStoreTest.java
index acab927..a8936fd 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/HazelCastTokenStoreTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/cache/HazelCastTokenStoreTest.java
@@ -18,7 +18,8 @@
  */
 package org.apache.cxf.sts.cache;
 
-import java.util.Date;
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
 
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
@@ -57,17 +58,13 @@ public class HazelCastTokenStoreTest extends org.junit.Assert {
     @org.junit.Test
     public void testTokenAddExpiration() throws Exception {
         SecurityToken expiredToken = new SecurityToken("expiredToken");
-        Date currentDate = new Date();
-        long currentTime = currentDate.getTime();
-        Date expiry = new Date();
-        expiry.setTime(currentTime - 5000L);
+        ZonedDateTime expiry = ZonedDateTime.now(ZoneOffset.UTC).minusSeconds(5L);
         expiredToken.setExpires(expiry);
         store.add(expiredToken);
         assertTrue(store.getTokenIdentifiers().isEmpty());
 
         SecurityToken farFutureToken = new SecurityToken("farFuture");
-        expiry = new Date();
-        expiry.setTime(Long.MAX_VALUE);
+        expiry = ZonedDateTime.now(ZoneOffset.UTC).plusYears(50L);
         farFutureToken.setExpires(expiry);
         store.add(farFutureToken);
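Review bot: Replacing `Long.MAX_VALUE` with `plusYears(50L)` for the far-future token means this test no longer reaches the `duration.getSeconds() != (long)parsedTTL` narrowing check in `HazelCastTokenStore.getTTL`. Fifty years is roughly 1.58e9 seconds, which still fits in an `int`, so only the `parsedTTL > MAX_TTL` comparison can send the token to the configured default. `expiry = ZonedDateTime.now(ZoneOffset.UTC).plusYears(100L);` (about 3.16e9 seconds) would keep the overflow branch covered. The test method continues past the end of the hunk.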
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTProviderLifetimeTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTProviderLifetimeTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTProviderLifetimeTest.java
index a2ad17f..69973c4 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTProviderLifetimeTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTProviderLifetimeTest.java
@@ -18,6 +18,7 @@
  */
 package org.apache.cxf.sts.token.provider;
 
+import java.time.Duration;
 import java.util.Date;
 import java.util.Properties;
 
@@ -75,15 +76,16 @@ public class JWTProviderLifetimeTest extends org.junit.Assert {
         TokenProviderResponse providerResponse = tokenProvider.createToken(providerParameters);
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
-        assertEquals(requestedLifetime * 1000L, providerResponse.getExpires().getTime()
-                     - providerResponse.getCreated().getTime());
+        
+        long duration = Duration.between(providerResponse.getCreated(), providerResponse.getExpires()).getSeconds();
+        assertEquals(requestedLifetime, duration);
 
         String token = (String)providerResponse.getToken();
         assertNotNull(token);
 
         JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
         JwtToken jwt = jwtConsumer.getJwtToken();
-        assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT), providerResponse.getCreated().getTime() / 1000L);
+        assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT), providerResponse.getCreated().toEpochSecond());
     }
 
     /**
@@ -105,15 +107,15 @@ public class JWTProviderLifetimeTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
 
-        assertEquals(providerLifetime * 1000L, providerResponse.getExpires().getTime()
-                     - providerResponse.getCreated().getTime());
+        long duration = Duration.between(providerResponse.getCreated(), providerResponse.getExpires()).getSeconds();
+        assertEquals(providerLifetime, duration);
 
         String token = (String)providerResponse.getToken();
         assertNotNull(token);
 
         JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
         JwtToken jwt = jwtConsumer.getJwtToken();
-        assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT), providerResponse.getCreated().getTime() / 1000L);
+        assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT), providerResponse.getCreated().toEpochSecond());
     }
 
 
@@ -219,15 +221,15 @@ public class JWTProviderLifetimeTest extends org.junit.Assert {
         TokenProviderResponse providerResponse = tokenProvider.createToken(providerParameters);
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
-        assertEquals(maxLifetime * 1000L, providerResponse.getExpires().getTime()
-                     - providerResponse.getCreated().getTime());
+        long duration = Duration.between(providerResponse.getCreated(), providerResponse.getExpires()).getSeconds();
+        assertEquals(maxLifetime, duration);
 
         String token = (String)providerResponse.getToken();
         assertNotNull(token);
 
         JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
         JwtToken jwt = jwtConsumer.getJwtToken();
-        assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT), providerResponse.getCreated().getTime() / 1000L);
+        assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT), providerResponse.getCreated().toEpochSecond());
     }
 
     /**
@@ -260,15 +262,15 @@ public class JWTProviderLifetimeTest extends org.junit.Assert {
         TokenProviderResponse providerResponse = tokenProvider.createToken(providerParameters);
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
-        assertEquals(50L * 1000L, providerResponse.getExpires().getTime()
-                     - providerResponse.getCreated().getTime());
+        long duration = Duration.between(providerResponse.getCreated(), providerResponse.getExpires()).getSeconds();
+        assertEquals(50, duration);
 
         String token = (String)providerResponse.getToken();
         assertNotNull(token);
 
         JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
         JwtToken jwt = jwtConsumer.getJwtToken();
-        assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT), providerResponse.getCreated().getTime() / 1000L);
+        assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT), providerResponse.getCreated().toEpochSecond());
     }
 
     /**
@@ -317,7 +319,7 @@ public class JWTProviderLifetimeTest extends org.junit.Assert {
 
         JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
         JwtToken jwt = jwtConsumer.getJwtToken();
-        assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT), providerResponse.getCreated().getTime() / 1000L);
+        assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT), providerResponse.getCreated().toEpochSecond());
     }
 
     /**
@@ -346,15 +348,15 @@ public class JWTProviderLifetimeTest extends org.junit.Assert {
         TokenProviderResponse providerResponse = tokenProvider.createToken(providerParameters);
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
-        assertEquals(claimsProvider.getLifetime() * 1000L, providerResponse.getExpires().getTime()
-                     - providerResponse.getCreated().getTime());
+        long duration = Duration.between(providerResponse.getCreated(), providerResponse.getExpires()).getSeconds();
+        assertEquals(claimsProvider.getLifetime(), duration);
 
         String token = (String)providerResponse.getToken();
         assertNotNull(token);
 
         JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
         JwtToken jwt = jwtConsumer.getJwtToken();
-        assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT), providerResponse.getCreated().getTime() / 1000L);
+        assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT), providerResponse.getCreated().toEpochSecond());
     }
 
     private TokenProviderParameters createProviderParameters(String tokenType) throws WSSecurityException {
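Review bot: The token's own expiry is never asserted in this test. The lifetime is checked on `providerResponse`, but of the JWT claims only the issued-at value is compared, and a relying party enforces the expiry claim carried in the token, not the response object. Adding `assertEquals(jwt.getClaim(JwtConstants.CLAIM_EXPIRY), providerResponse.getExpires().toEpochSecond());` after the issued-at check would tie the two together, as the JWTTokenProviderTest hunks on this page already do. The other lifetime tests visible in this file end the same way, and the test method begins outside the hunk.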

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
index 7dcce5e..846f4e5 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
@@ -88,9 +88,9 @@ public class JWTTokenProviderTest extends org.junit.Assert {
         JwtToken jwt = jwtConsumer.getJwtToken();
         Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
         Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
-        Assert.assertEquals(providerResponse.getCreated().getTime() / 1000L,
+        Assert.assertEquals(providerResponse.getCreated().toEpochSecond(),
                             jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
-        Assert.assertEquals(providerResponse.getExpires().getTime() / 1000L,
+        Assert.assertEquals(providerResponse.getExpires().toEpochSecond(),
                             jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
     }
 
@@ -115,9 +115,9 @@ public class JWTTokenProviderTest extends org.junit.Assert {
         JwtToken jwt = jwtConsumer.getJwtToken();
         Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
         Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
-        Assert.assertEquals(providerResponse.getCreated().getTime() / 1000L,
+        Assert.assertEquals(providerResponse.getCreated().toEpochSecond(),
                             jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
-        Assert.assertEquals(providerResponse.getExpires().getTime() / 1000L,
+        Assert.assertEquals(providerResponse.getExpires().toEpochSecond(),
                             jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
 
         // Verify Signature
@@ -157,9 +157,9 @@ public class JWTTokenProviderTest extends org.junit.Assert {
             JwtToken jwt = jwtConsumer.getJwtToken();
             Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
             Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
-            Assert.assertEquals(providerResponse.getCreated().getTime() / 1000L,
+            Assert.assertEquals(providerResponse.getCreated().toEpochSecond(),
                                 jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
-            Assert.assertEquals(providerResponse.getExpires().getTime() / 1000L,
+            Assert.assertEquals(providerResponse.getExpires().toEpochSecond(),
                                 jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
 
             // Verify Signature
@@ -197,9 +197,9 @@ public class JWTTokenProviderTest extends org.junit.Assert {
         JwtToken jwt = jwtConsumer.getJwtToken();
         Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
         Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
-        Assert.assertEquals(providerResponse.getCreated().getTime() / 1000L,
+        Assert.assertEquals(providerResponse.getCreated().toEpochSecond(),
                             jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
-        Assert.assertEquals(providerResponse.getExpires().getTime() / 1000L,
+        Assert.assertEquals(providerResponse.getExpires().toEpochSecond(),
                             jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
 
         // Check that the token is stored correctly in the cache
@@ -246,9 +246,9 @@ public class JWTTokenProviderTest extends org.junit.Assert {
 
             Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
             Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
-            Assert.assertEquals(providerResponse.getCreated().getTime() / 1000L,
+            Assert.assertEquals(providerResponse.getCreated().toEpochSecond(),
                                 jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
-            Assert.assertEquals(providerResponse.getExpires().getTime() / 1000L,
+            Assert.assertEquals(providerResponse.getExpires().toEpochSecond(),
                                 jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
         }
 
@@ -300,9 +300,9 @@ public class JWTTokenProviderTest extends org.junit.Assert {
 
                 Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
                 Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
-                Assert.assertEquals(providerResponse.getCreated().getTime() / 1000L,
+                Assert.assertEquals(providerResponse.getCreated().toEpochSecond(),
                                     jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
-                Assert.assertEquals(providerResponse.getExpires().getTime() / 1000L,
+                Assert.assertEquals(providerResponse.getExpires().toEpochSecond(),
                                     jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
             }
         } finally {
@@ -347,9 +347,9 @@ public class JWTTokenProviderTest extends org.junit.Assert {
 
             Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
             Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
-            Assert.assertEquals(providerResponse.getCreated().getTime() / 1000L,
+            Assert.assertEquals(providerResponse.getCreated().toEpochSecond(),
                                 jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
-            Assert.assertEquals(providerResponse.getExpires().getTime() / 1000L,
+            Assert.assertEquals(providerResponse.getExpires().toEpochSecond(),
                                 jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
         }
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderLifetimeTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderLifetimeTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderLifetimeTest.java
index 3475c9c..75f7199 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderLifetimeTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderLifetimeTest.java
@@ -18,6 +18,7 @@
  */
 package org.apache.cxf.sts.token.provider;
 
+import java.time.Duration;
 import java.util.Date;
 import java.util.Properties;
 
@@ -78,8 +79,8 @@ public class SAMLProviderLifetimeTest extends org.junit.Assert {
         TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
-        assertEquals(requestedLifetime * 1000L, providerResponse.getExpires().getTime()
-                     - providerResponse.getCreated().getTime());
+        long duration = Duration.between(providerResponse.getCreated(), providerResponse.getExpires()).getSeconds();
+        assertEquals(requestedLifetime, duration);
         Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
@@ -109,8 +110,8 @@ public class SAMLProviderLifetimeTest extends org.junit.Assert {
         TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
-        assertEquals(providerLifetime * 1000L, providerResponse.getExpires().getTime()
-                     - providerResponse.getCreated().getTime());
+        long duration = Duration.between(providerResponse.getCreated(), providerResponse.getExpires()).getSeconds();
+        assertEquals(providerLifetime, duration);
         Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
@@ -231,8 +232,9 @@ public class SAMLProviderLifetimeTest extends org.junit.Assert {
         TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
-        assertEquals(maxLifetime * 1000L, providerResponse.getExpires().getTime()
-                     - providerResponse.getCreated().getTime());
+        
+        long duration = Duration.between(providerResponse.getCreated(), providerResponse.getExpires()).getSeconds();
+        assertEquals(maxLifetime, duration);
         Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
@@ -271,8 +273,9 @@ public class SAMLProviderLifetimeTest extends org.junit.Assert {
         TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
-        assertEquals(50L * 1000L, providerResponse.getExpires().getTime()
-                     - providerResponse.getCreated().getTime());
+        
+        long duration = Duration.between(providerResponse.getCreated(), providerResponse.getExpires()).getSeconds();
+        assertEquals(50, duration);
         Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
@@ -356,8 +359,9 @@ public class SAMLProviderLifetimeTest extends org.junit.Assert {
         TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
-        assertEquals(conditionsProvider.getLifetime() * 1000L, providerResponse.getExpires().getTime()
-                     - providerResponse.getCreated().getTime());
+        
+        long duration = Duration.between(providerResponse.getCreated(), providerResponse.getExpires()).getSeconds();
+        assertEquals(conditionsProvider.getLifetime(), duration);
         Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerLifetimeTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerLifetimeTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerLifetimeTest.java
index 7e680bb..ecd816a 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerLifetimeTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerLifetimeTest.java
@@ -18,6 +18,7 @@
  */
 package org.apache.cxf.sts.token.renewer;
 
+import java.time.Duration;
 import java.util.Date;
 import java.util.Properties;
 
@@ -110,8 +111,9 @@ public class SAMLTokenRenewerLifetimeTest extends org.junit.Assert {
         TokenRenewerResponse renewerResponse = samlTokenRenewer.renewToken(renewerParameters);
         assertTrue(renewerResponse != null);
         assertTrue(renewerResponse.getToken() != null);
-        assertEquals(requestedLifetime * 1000L, renewerResponse.getExpires().getTime()
-                     - renewerResponse.getCreated().getTime());
+        
+        long duration = Duration.between(renewerResponse.getCreated(), renewerResponse.getExpires()).getSeconds();
+        assertEquals(requestedLifetime, duration);
     }
 
 
@@ -151,8 +153,9 @@ public class SAMLTokenRenewerLifetimeTest extends org.junit.Assert {
         TokenRenewerResponse renewerResponse = samlTokenRenewer.renewToken(renewerParameters);
         assertTrue(renewerResponse != null);
         assertTrue(renewerResponse.getToken() != null);
-        assertEquals(providerLifetime * 1000L, renewerResponse.getExpires().getTime()
-                     - renewerResponse.getCreated().getTime());
+        
+        long duration = Duration.between(renewerResponse.getCreated(), renewerResponse.getExpires()).getSeconds();
+        assertEquals(providerLifetime, duration);
     }
 
 
@@ -311,8 +314,9 @@ public class SAMLTokenRenewerLifetimeTest extends org.junit.Assert {
         TokenRenewerResponse renewerResponse = samlTokenRenewer.renewToken(renewerParameters);
         assertTrue(renewerResponse != null);
         assertTrue(renewerResponse.getToken() != null);
-        assertEquals(maxLifetime * 1000L, renewerResponse.getExpires().getTime()
-                     - renewerResponse.getCreated().getTime());
+        
+        long duration = Duration.between(renewerResponse.getCreated(), renewerResponse.getExpires()).getSeconds();
+        assertEquals(maxLifetime, duration);
     }
 
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/caching/CachingTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/caching/CachingTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/caching/CachingTest.java
index a70aaf9..2ff425f 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/caching/CachingTest.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/caching/CachingTest.java
@@ -19,7 +19,8 @@
 package org.apache.cxf.systest.sts.caching;
 
 import java.net.URL;
-import java.util.Date;
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
 
 import javax.xml.namespace.QName;
 import javax.xml.ws.BindingProvider;
@@ -195,9 +196,7 @@ public class CachingTest extends AbstractBusClientServerTestBase {
         assertNotNull(tok);
 
         // Make the token "about to expire"
-        Date expiredDate = new Date();
-        expiredDate.setTime(expiredDate.getTime() + 5000L);
-        tok.setExpires(expiredDate);
+        tok.setExpires(ZonedDateTime.now(ZoneOffset.UTC).plusSeconds(5L));
         assertTrue(tok.isAboutToExpire(10L));
 
         doubleIt(port, 25);

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTSAMLTokenProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTSAMLTokenProvider.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTSAMLTokenProvider.java
index f0db501..3e990b5 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTSAMLTokenProvider.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTSAMLTokenProvider.java
@@ -53,8 +53,6 @@ import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
 import org.apache.wss4j.common.saml.bean.ConditionsBean;
 import org.apache.wss4j.common.saml.bean.SubjectBean;
 import org.apache.wss4j.dom.WSConstants;
-import org.joda.time.DateTime;
-import org.opensaml.saml.common.SAMLVersion;
 
 /**
  * A TokenProvider implementation that provides a SAML Token that contains a Symmetric Key that is obtained
@@ -113,17 +111,8 @@ public class SCTSAMLTokenProvider implements TokenProvider {
                 response.setTokenId(token.getAttributeNS(null, "AssertionID"));
             }
 
-            DateTime validFrom = null;
-            DateTime validTill = null;
-            if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
-                validFrom = assertion.getSaml2().getConditions().getNotBefore();
-                validTill = assertion.getSaml2().getConditions().getNotOnOrAfter();
-            } else {
-                validFrom = assertion.getSaml1().getConditions().getNotBefore();
-                validTill = assertion.getSaml1().getConditions().getNotOnOrAfter();
-            }
-            response.setCreated(validFrom.toDate());
-            response.setExpires(validTill.toDate());
+            response.setCreated(assertion.getNotBefore());
+            response.setExpires(assertion.getNotOnOrAfter());
 
             response.setEntropy(entropyBytes);
             if (keySize > 0) {
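Review bot: A missing validity bound is now passed through silently. The removed code called `validFrom.toDate()` and `validTill.toDate()`, which throw on a null value, while `response.setCreated(assertion.getNotBefore())` and `response.setExpires(assertion.getNotOnOrAfter())` hand whatever the wrapper returns straight to the response. Whether those getters can return null for an assertion without Conditions is not visible in this hunk; if they can, the response would carry no expiry, and how the token store treats that should be confirmed. At minimum, add a comment such as `// NOTE: getNotOnOrAfter() may be null when the assertion has no Conditions; confirm the response tolerates that`, or fail explicitly before the two setters. The enclosing method starts and ends outside the hunk.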

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenOutInterceptorTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenOutInterceptorTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenOutInterceptorTest.java
index eace131..2a9c4da 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenOutInterceptorTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenOutInterceptorTest.java
@@ -26,7 +26,8 @@ import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.CertificateException;
-import java.util.Date;
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -328,7 +329,7 @@ public class STSTokenOutInterceptorTest extends AbstractBusClientServerTestBase
         Assert.assertNotNull(token);
         Assert.assertEquals(TOKEN_TYPE_SAML_2_0, token.getTokenType());
         Assert.assertNotNull(token.getId());
-        Assert.assertTrue(token.getExpires().after(new Date()));
+        Assert.assertTrue(token.getExpires().isAfter(ZonedDateTime.now(ZoneOffset.UTC)));
         Assert.assertEquals("Assertion", token.getToken().getLocalName());
     }
 
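Review bot: `token.getExpires()` is dereferenced without a null check, so a token that comes back without an expiry fails this test with a NullPointerException instead of an assertion message. Adding `Assert.assertNotNull(token.getExpires());` before the `isAfter` line makes that case an explicit failure. The matching hunk in STSTokenRetrieverTest has the same line. The test method starts outside the hunk.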

http://git-wip-us.apache.org/repos/asf/cxf/blob/de61a48b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenRetrieverTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenRetrieverTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenRetrieverTest.java
index f95edbc..bb7f594 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenRetrieverTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenRetrieverTest.java
@@ -26,7 +26,8 @@ import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.CertificateException;
-import java.util.Date;
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -266,7 +267,7 @@ public class STSTokenRetrieverTest extends AbstractBusClientServerTestBase {
         Assert.assertNotNull(token);
         Assert.assertEquals(TOKEN_TYPE_SAML_2_0, token.getTokenType());
         Assert.assertNotNull(token.getId());
-        Assert.assertTrue(token.getExpires().after(new Date()));
+        Assert.assertTrue(token.getExpires().isAfter(ZonedDateTime.now(ZoneOffset.UTC)));
         Assert.assertEquals("Assertion", token.getToken().getLocalName());
     }
 

