Finished Java 8 DateTime work
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/06588cac Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/06588cac Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/06588cac Branch: refs/heads/master Commit: 06588cac671464bb900453919cad18b3e47a8d4b Parents: a4b9845 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Wed Mar 22 10:50:48 2017 +0000 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Wed Mar 22 10:50:48 2017 +0000 ---------------------------------------------------------------------- .../cxf/rs/security/jose/jwt/JwtUtils.java | 38 +++++++------- .../filters/AccessTokenIntrospectionClient.java | 5 +- .../oauth2/filters/JwtAccessTokenValidator.java | 5 +- ...AbstractRequestAssertionConsumerHandler.java | 9 ++-- .../security/saml/sso/AbstractSSOSpHandler.java | 14 ++--- .../saml/sso/SAMLSSOResponseValidator.java | 22 ++++---- .../security/saml/sso/SSOValidatorResponse.java | 14 ++--- .../policy/interceptors/STSInvoker.java | 11 ++-- .../SecureConversationInInterceptor.java | 9 ++-- .../SpnegoContextTokenInInterceptor.java | 9 ++-- .../security/tokenstore/MemoryTokenStore.java | 8 ++- .../ws/security/tokenstore/SecurityToken.java | 9 ++-- .../ws/security/trust/AbstractSTSClient.java | 10 ++-- .../cxf/ws/security/wss4j/WSS4JUtils.java | 9 ++-- .../policyhandlers/AbstractBindingBuilder.java | 19 ++++--- .../AsymmetricBindingHandler.java | 9 ++-- .../StaxSymmetricBindingHandler.java | 9 ++-- .../policyhandlers/SymmetricBindingHandler.java | 29 +++++------ .../policyhandlers/TransportBindingHandler.java | 11 ++-- .../tokenstore/MemoryTokenStoreTest.java | 7 ++- .../cxf/sts/cache/HazelCastTokenStore.java | 8 ++- .../cxf/sts/operation/AbstractOperation.java | 21 ++++---- .../provider/DefaultConditionsProvider.java | 12 ++--- .../cxf/sts/token/provider/SCTProvider.java | 13 +++-- .../provider/jwt/DefaultJWTClaimsProvider.java | 20 ++++---- .../apache/cxf/sts/operation/IssueUnitTest.java | 10 ++-- .../cxf/sts/operation/RenewSamlUnitTest.java | 10 ++-- .../token/provider/JWTProviderLifetimeTest.java | 54 ++++++++++---------- .../provider/SAMLProviderLifetimeTest.java | 54 ++++++++++---------- .../renewer/SAMLTokenRenewerLifetimeTest.java | 42 +++++++-------- .../token/renewer/SAMLTokenRenewerPOPTest.java | 13 ++--- .../renewer/SAMLTokenRenewerRealmTest.java | 13 ++--- .../sts/token/renewer/SAMLTokenRenewerTest.java | 13 ++--- .../token/validator/SAMLTokenValidatorTest.java | 12 ++--- .../systest/sts/batch/SimpleBatchSTSClient.java | 10 ++-- .../cxf/systest/sts/caching/CachingTest.java | 5 +- .../stsclient/STSTokenOutInterceptorTest.java | 5 +- .../sts/stsclient/STSTokenRetrieverTest.java | 5 +- .../cxf/xkms/x509/validator/DateValidator.java | 7 ++- .../security/jose/jwt/JWTAlgorithmTest.java | 36 ++++++------- .../security/jose/jwt/JWTAuthnAuthzTest.java | 12 ++--- .../security/oauth2/common/OAuth2TestUtils.java | 9 ++-- .../grants/AuthorizationGrantNegativeTest.java | 9 ++-- .../security/oidc/IdTokenProviderImpl.java | 9 ++-- .../jaxrs/security/oidc/OIDCFlowTest.java | 6 +-- .../jaxrs/security/oidc/OIDCNegativeTest.java | 6 +-- 46 files changed, 329 insertions(+), 341 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java index 844c229..9ea3904 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java @@ -18,7 +18,7 @@ */ package org.apache.cxf.rs.security.jose.jwt; -import java.util.Date; +import java.time.Instant; import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter; import org.apache.cxf.message.Message; @@ -49,12 +49,12 @@ public final class JwtUtils { } return; } - Date rightNow = new Date(); - Date expiresDate = new Date(expiryTime * 1000L); + Instant now = Instant.now(); + Instant expires = Instant.ofEpochMilli(expiryTime * 1000L); if (clockOffset != 0) { - expiresDate.setTime(expiresDate.getTime() + (long)clockOffset * 1000L); + expires = expires.plusSeconds(clockOffset); } - if (expiresDate.before(rightNow)) { + if (expires.isBefore(now)) { throw new JwtException("The token has expired"); } } @@ -68,15 +68,14 @@ public final class JwtUtils { return; } - Date validCreation = new Date(); - long currentTime = validCreation.getTime(); + Instant validCreation = Instant.now(); if (clockOffset != 0) { - validCreation.setTime(currentTime + (long)clockOffset * 1000L); + validCreation = validCreation.plusSeconds(clockOffset); } - Date notBeforeDate = new Date(notBeforeTime * 1000L); + Instant notBeforeDate = Instant.ofEpochMilli(notBeforeTime * 1000L); // Check to see if the not before time is in the future - if (notBeforeDate.after(validCreation)) { + if (notBeforeDate.isAfter(validCreation)) { throw new JwtException("The token cannot be accepted yet"); } } @@ -90,25 +89,24 @@ public final class JwtUtils { return; } - Date createdDate = new Date(issuedAtInSecs * 1000L); - Date validCreation = new Date(); - long currentTime = validCreation.getTime(); - if (clockOffset > 0) { - validCreation.setTime(currentTime + (long)clockOffset * 1000L); + Instant createdDate = Instant.ofEpochMilli(issuedAtInSecs * 1000L); + + Instant validCreation = Instant.now(); + if (clockOffset != 0) { + validCreation = validCreation.plusSeconds(clockOffset); } - + // Check to see if the IssuedAt time is in the future - if (createdDate.after(validCreation)) { + if (createdDate.isAfter(validCreation)) { throw new JwtException("Invalid issuedAt"); } if (timeToLive > 0) { // Calculate the time that is allowed for the message to travel - currentTime -= (long)timeToLive * 1000L; - validCreation.setTime(currentTime); + validCreation = validCreation.minusSeconds(timeToLive); // Validate the time it took the message to travel - if (createdDate.before(validCreation)) { + if (createdDate.isBefore(validCreation)) { throw new JwtException("Invalid issuedAt"); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java index 0e86a2a..f5aba4b 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenIntrospectionClient.java @@ -18,8 +18,8 @@ */ package org.apache.cxf.rs.security.oauth2.filters; +import java.time.Instant; import java.util.Collections; -import java.util.Date; import java.util.LinkedList; import java.util.List; @@ -70,7 +70,8 @@ public class AccessTokenIntrospectionClient implements AccessTokenValidator { if (response.getIat() != null) { atv.setTokenIssuedAt(response.getIat()); } else { - atv.setTokenIssuedAt(new Date().getTime()); + Instant now = Instant.now(); + atv.setTokenIssuedAt(now.toEpochMilli()); } if (response.getExp() != null) { atv.setTokenLifetime(response.getExp() - atv.getTokenIssuedAt()); http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java index a1f3b0f..e9388b9 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java @@ -18,8 +18,8 @@ */ package org.apache.cxf.rs.security.oauth2.filters; +import java.time.Instant; import java.util.Collections; -import java.util.Date; import java.util.LinkedList; import java.util.List; import java.util.Map; @@ -74,7 +74,8 @@ public class JwtAccessTokenValidator extends JoseJwtConsumer implements AccessTo if (claims.getIssuedAt() != null) { atv.setTokenIssuedAt(claims.getIssuedAt()); } else { - atv.setTokenIssuedAt(new Date().getTime()); + Instant now = Instant.now(); + atv.setTokenIssuedAt(now.toEpochMilli()); } if (claims.getExpiryTime() != null) { atv.setTokenLifetime(claims.getExpiryTime() - atv.getTokenIssuedAt()); http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java index ffca76f..e9c0e16 100644 --- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java +++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java @@ -24,7 +24,7 @@ import java.io.InputStream; import java.io.InputStreamReader; import java.net.URI; import java.nio.charset.StandardCharsets; -import java.util.Date; +import java.time.Instant; import java.util.ResourceBundle; import java.util.UUID; import java.util.logging.Level; @@ -178,10 +178,10 @@ public abstract class AbstractRequestAssertionConsumerHandler extends AbstractSS String securityContextKey = UUID.randomUUID().toString(); long currentTime = System.currentTimeMillis(); - Date notOnOrAfter = validatorResponse.getSessionNotOnOrAfter(); + Instant notOnOrAfter = validatorResponse.getSessionNotOnOrAfter(); long expiresAt = 0; if (notOnOrAfter != null) { - expiresAt = notOnOrAfter.getTime(); + expiresAt = notOnOrAfter.toEpochMilli(); } else { expiresAt = currentTime + getStateTimeToLive(); } @@ -221,13 +221,14 @@ public abstract class AbstractRequestAssertionConsumerHandler extends AbstractSS } // Otherwise create a new one for the IdP initiated case + Instant now = Instant.now(); return new RequestState(urlToForwardTo, getIdpServiceAddress(), null, getIssuerId(JAXRSUtils.getCurrentMessage()), "/", null, - new Date().getTime()); + now.toEpochMilli()); } if (relayState == null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java index 5efd79a..e4d81bb 100644 --- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java +++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractSSOSpHandler.java @@ -19,7 +19,8 @@ package org.apache.cxf.rs.security.saml.sso; import java.io.IOException; -import java.util.Date; +import java.time.Instant; +import java.time.ZoneOffset; import java.util.Properties; import java.util.logging.Level; import java.util.logging.Logger; @@ -125,8 +126,8 @@ public class AbstractSSOSpHandler { // Note that the Expires property has been deprecated but apparently is // supported better than 'max-age' property by different browsers // (Firefox, IE, etc) - Date expiresDate = new Date(System.currentTimeMillis() + stateTimeToLive); - String cookieExpires = HttpUtils.getHttpDateFormat().format(expiresDate); + Instant expires = Instant.ofEpochMilli(System.currentTimeMillis() + stateTimeToLive); + String cookieExpires = HttpUtils.getHttpDateFormat().format(expires.atZone(ZoneOffset.UTC)); contextCookie += ";Expires=" + cookieExpires; //TODO: Consider adding an 'HttpOnly' attribute @@ -134,12 +135,13 @@ public class AbstractSSOSpHandler { } protected boolean isStateExpired(long stateCreatedAt, long expiresAt) { - Date currentTime = new Date(); - if (currentTime.after(new Date(stateCreatedAt + getStateTimeToLive()))) { + Instant currentTime = Instant.now(); + Instant expires = Instant.ofEpochMilli(stateCreatedAt + getStateTimeToLive()); + if (currentTime.isAfter(expires)) { return true; } - return expiresAt > 0 && currentTime.after(new Date(expiresAt)); + return expiresAt > 0 && currentTime.isAfter(Instant.ofEpochMilli(expiresAt)); } public void setStateProvider(SPStateManager stateProvider) { http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java index 0d7af23..19304d8 100644 --- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java +++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java @@ -18,7 +18,8 @@ */ package org.apache.cxf.rs.security.saml.sso; -import java.util.Date; +import java.time.Duration; +import java.time.Instant; import java.util.List; import java.util.logging.Logger; @@ -100,7 +101,7 @@ public class SAMLSSOResponseValidator { // Validate Assertions org.opensaml.saml.saml2.core.Assertion validAssertion = null; - Date sessionNotOnOrAfter = null; + Instant sessionNotOnOrAfter = null; for (org.opensaml.saml.saml2.core.Assertion assertion : samlResponse.getAssertions()) { // Check the Issuer if (assertion.getIssuer() == null) { @@ -126,12 +127,15 @@ public class SAMLSSOResponseValidator { // Store Session NotOnOrAfter for (AuthnStatement authnStatment : assertion.getAuthnStatements()) { if (authnStatment.getSessionNotOnOrAfter() != null) { - sessionNotOnOrAfter = authnStatment.getSessionNotOnOrAfter().toDate(); + sessionNotOnOrAfter = + Instant.ofEpochMilli(authnStatment.getSessionNotOnOrAfter().toDate().getTime()); } } // Fall back to the SubjectConfirmationData NotOnOrAfter if we have no session NotOnOrAfter if (sessionNotOnOrAfter == null) { - sessionNotOnOrAfter = subjectConf.getSubjectConfirmationData().getNotOnOrAfter().toDate(); + sessionNotOnOrAfter = + Instant.ofEpochMilli(subjectConf.getSubjectConfirmationData() + .getNotOnOrAfter().toDate().getTime()); } } } @@ -147,7 +151,7 @@ public class SAMLSSOResponseValidator { validatorResponse.setResponseId(samlResponse.getID()); validatorResponse.setSessionNotOnOrAfter(sessionNotOnOrAfter); if (samlResponse.getIssueInstant() != null) { - validatorResponse.setCreated(samlResponse.getIssueInstant().toDate()); + validatorResponse.setCreated(Instant.ofEpochMilli(samlResponse.getIssueInstant().toDate().getTime())); } Element assertionElement = validAssertion.getDOM(); @@ -234,10 +238,10 @@ public class SAMLSSOResponseValidator { // Need to keep bearer assertion IDs based on NotOnOrAfter to detect replay attacks if (postBinding && replayCache != null) { if (replayCache.getId(id) == null) { - Date expires = subjectConfData.getNotOnOrAfter().toDate(); - Date currentTime = new Date(); - long ttl = expires.getTime() - currentTime.getTime(); - replayCache.putId(id, ttl / 1000L); + Instant expires = Instant.ofEpochMilli(subjectConfData.getNotOnOrAfter().toDate().getTime()); + Instant currentTime = Instant.now(); + long ttl = Duration.between(currentTime, expires).getSeconds(); + replayCache.putId(id, ttl); } else { LOG.fine("Replay attack with token id: " + id); throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SSOValidatorResponse.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SSOValidatorResponse.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SSOValidatorResponse.java index 6c0b59c..ee6d3eb 100644 --- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SSOValidatorResponse.java +++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SSOValidatorResponse.java @@ -18,7 +18,7 @@ */ package org.apache.cxf.rs.security.saml.sso; -import java.util.Date; +import java.time.Instant; import org.w3c.dom.Element; @@ -26,8 +26,8 @@ import org.w3c.dom.Element; * Some information that encapsulates a successful validation by the SAMLSSOResponseValidator */ public class SSOValidatorResponse { - private Date sessionNotOnOrAfter; - private Date created; + private Instant sessionNotOnOrAfter; + private Instant created; private String responseId; private String assertion; private Element assertionElement; @@ -40,11 +40,11 @@ public class SSOValidatorResponse { this.assertion = assertion; } - public Date getSessionNotOnOrAfter() { + public Instant getSessionNotOnOrAfter() { return sessionNotOnOrAfter; } - public void setSessionNotOnOrAfter(Date sessionNotOnOrAfter) { + public void setSessionNotOnOrAfter(Instant sessionNotOnOrAfter) { this.sessionNotOnOrAfter = sessionNotOnOrAfter; } @@ -64,11 +64,11 @@ public class SSOValidatorResponse { this.assertionElement = assertionElement; } - public Date getCreated() { + public Instant getCreated() { return created; } - public void setCreated(Date created) { + public void setCreated(Instant created) { this.created = created; } } http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java index b8b520b..396dcad 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java @@ -20,7 +20,8 @@ package org.apache.cxf.ws.security.policy.interceptors; import java.security.NoSuchAlgorithmException; -import java.time.ZonedDateTime; +import java.time.Instant; +import java.time.ZoneOffset; import java.util.Base64; import java.util.logging.Logger; @@ -286,19 +287,19 @@ abstract class STSInvoker implements Invoker { void writeLifetime( W3CDOMStreamWriter writer, - ZonedDateTime created, - ZonedDateTime expires, + Instant created, + Instant expires, String prefix, String namespace ) throws Exception { writer.writeStartElement(prefix, "Lifetime", namespace); writer.writeNamespace("wsu", WSConstants.WSU_NS); writer.writeStartElement("wsu", "Created", WSConstants.WSU_NS); - writer.writeCharacters(DateUtil.getDateTimeFormatter(true).format(created)); + writer.writeCharacters(created.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); writer.writeEndElement(); writer.writeStartElement("wsu", "Expires", WSConstants.WSU_NS); - writer.writeCharacters(DateUtil.getDateTimeFormatter(true).format(expires)); + writer.writeCharacters(expires.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); writer.writeEndElement(); writer.writeEndElement(); } http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java index 36f163d..648706f 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java @@ -19,8 +19,7 @@ package org.apache.cxf.ws.security.policy.interceptors; -import java.time.ZoneOffset; -import java.time.ZonedDateTime; +import java.time.Instant; import java.util.ArrayList; import java.util.Base64; import java.util.Collection; @@ -376,10 +375,10 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa .createSecureId("sctId-", sct.getElement())); } - ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC); - ZonedDateTime expires = created.plusSeconds(ttl / 1000L); + Instant created = Instant.now(); + Instant expires = created.plusSeconds(ttl / 1000L); - SecurityToken token = new SecurityToken(sct.getIdentifier(), created.toInstant(), expires.toInstant()); + SecurityToken token = new SecurityToken(sct.getIdentifier(), created, expires); token.setToken(sct.getElement()); token.setTokenType(sct.getTokenType()); http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java index 0032128..21c42d8 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java @@ -19,8 +19,7 @@ package org.apache.cxf.ws.security.policy.interceptors; -import java.time.ZoneOffset; -import java.time.ZonedDateTime; +import java.time.Instant; import java.util.Base64; import java.util.Collection; @@ -195,11 +194,11 @@ class SpnegoContextTokenInInterceptor extends AbstractPhaseInterceptor<SoapMessa sct.setID(wssConfig.getIdAllocator().createId("sctId-", sct)); // Lifetime - ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC); - ZonedDateTime expires = + Instant created = Instant.now(); + Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(exchange.getOutMessage()) / 1000L); - SecurityToken token = new SecurityToken(sct.getIdentifier(), created.toInstant(), expires.toInstant()); + SecurityToken token = new SecurityToken(sct.getIdentifier(), created, expires); token.setToken(sct.getElement()); token.setTokenType(sct.getTokenType()); http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java index 731c181..019ed5d 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java @@ -20,8 +20,6 @@ package org.apache.cxf.ws.security.tokenstore; import java.time.Instant; -import java.time.ZoneOffset; -import java.time.ZonedDateTime; import java.util.Collection; import java.util.Map; import java.util.concurrent.ConcurrentHashMap; @@ -86,7 +84,7 @@ public class MemoryTokenStore implements TokenStore { } protected void processTokenExpiry() { - Instant current = ZonedDateTime.now(ZoneOffset.UTC).toInstant(); + Instant current = Instant.now(); synchronized (tokens) { for (Map.Entry<String, CacheEntry> entry : tokens.entrySet()) { if (entry.getValue().getExpiry().isBefore(current)) { @@ -97,8 +95,8 @@ public class MemoryTokenStore implements TokenStore { } private CacheEntry createCacheEntry(SecurityToken token) { - ZonedDateTime expires = ZonedDateTime.now(ZoneOffset.UTC).plusSeconds(ttl); - return new CacheEntry(token, expires.toInstant()); + Instant expires = Instant.now().plusSeconds(ttl); + return new CacheEntry(token, expires); } private static class CacheEntry { http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java index 181d900..eac0b0c 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java @@ -28,7 +28,6 @@ import java.security.Key; import java.security.Principal; import java.security.cert.X509Certificate; import java.time.Instant; -import java.time.ZoneOffset; import java.time.ZonedDateTime; import java.time.format.DateTimeParseException; import java.util.Map; @@ -365,8 +364,8 @@ public class SecurityToken implements Serializable { */ public boolean isExpired() { if (expires != null) { - ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC); - if (expires.isBefore(now.toInstant())) { + Instant now = Instant.now(); + if (expires.isBefore(now)) { return true; } } @@ -378,8 +377,8 @@ public class SecurityToken implements Serializable { */ public boolean isAboutToExpire(long secondsToExpiry) { if (expires != null && secondsToExpiry > 0) { - ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC).plusSeconds(secondsToExpiry); - if (expires.isBefore(now.toInstant())) { + Instant now = Instant.now().plusSeconds(secondsToExpiry); + if (expires.isBefore(now)) { return true; } } http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java index 592c7e2..830195f 100755 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java @@ -24,8 +24,8 @@ import java.io.StringReader; import java.net.URL; import java.security.PublicKey; import java.security.cert.X509Certificate; +import java.time.Instant; import java.time.ZoneOffset; -import java.time.ZonedDateTime; import java.util.ArrayList; import java.util.Base64; import java.util.HashMap; @@ -1376,17 +1376,17 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv } protected void addLifetime(XMLStreamWriter writer) throws XMLStreamException { - ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC); - ZonedDateTime expires = created.plusSeconds(ttl); + Instant created = Instant.now(); + Instant expires = created.plusSeconds(ttl); writer.writeStartElement("wst", "Lifetime", namespace); writer.writeNamespace("wsu", WSConstants.WSU_NS); writer.writeStartElement("wsu", "Created", WSConstants.WSU_NS); - writer.writeCharacters(DateUtil.getDateTimeFormatter(true).format(created)); + writer.writeCharacters(created.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); writer.writeEndElement(); writer.writeStartElement("wsu", "Expires", WSConstants.WSU_NS); - writer.writeCharacters(DateUtil.getDateTimeFormatter(true).format(expires)); + writer.writeCharacters(expires.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); writer.writeEndElement(); writer.writeEndElement(); } http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java index 46506e9..cc79367 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java @@ -23,8 +23,7 @@ import java.io.InputStream; import java.net.URL; import java.security.Key; import java.security.cert.X509Certificate; -import java.time.ZoneOffset; -import java.time.ZonedDateTime; +import java.time.Instant; import java.util.List; import java.util.Map; import java.util.Properties; @@ -162,11 +161,11 @@ public final class WSS4JUtils { } SecurityToken existingToken = TokenStoreUtils.getTokenStore(message).getToken(securityToken.getId()); if (existingToken == null || existingToken.isExpired()) { - ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC); - ZonedDateTime expires = created.plusSeconds(getSecurityTokenLifetime(message) / 1000L); + Instant created = Instant.now(); + Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L); SecurityToken cachedTok = - new SecurityToken(securityToken.getId(), created.toInstant(), expires.toInstant()); + new SecurityToken(securityToken.getId(), created, expires); cachedTok.setSHA1(securityToken.getSha1Identifier()); if (securityToken.getTokenType() != null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java index 446f36a..ce689b3 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java @@ -21,8 +21,7 @@ package org.apache.cxf.ws.security.wss4j.policyhandlers; import java.net.URL; import java.security.cert.X509Certificate; -import java.time.ZoneOffset; -import java.time.ZonedDateTime; +import java.time.Instant; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; @@ -545,8 +544,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle return ret; } - private SupportingToken signSupportingToken(SecurityToken secToken, String id, - AbstractToken token, SupportingTokens suppTokens) + private SupportingToken signSupportingToken(SecurityToken secToken, String id, + AbstractToken token, SupportingTokens suppTokens) throws SOAPException { WSSecSignature sig = new WSSecSignature(secHeader); sig.setIdAllocator(wssConfig.getIdAllocator()); @@ -1931,12 +1930,12 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle WSSecUsernameToken utBuilder = (WSSecUsernameToken)tempTok; String id = utBuilder.getId(); - ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC); - ZonedDateTime expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L); - SecurityToken secToken = new SecurityToken(id, - utBuilder.getUsernameTokenElement(), - created.toInstant(), - expires.toInstant()); + Instant created = Instant.now(); + Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L); + SecurityToken secToken = new SecurityToken(id, + utBuilder.getUsernameTokenElement(), + created, + expires); if (isTokenProtection) { sigParts.add(new WSEncryptionPart(secToken.getId())); http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java index 80f162a..33434b8 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java @@ -21,8 +21,7 @@ package org.apache.cxf.ws.security.wss4j.policyhandlers; import java.security.PublicKey; import java.security.cert.X509Certificate; -import java.time.ZoneOffset; -import java.time.ZonedDateTime; +import java.time.Instant; import java.util.ArrayList; import java.util.Collection; import java.util.List; @@ -815,9 +814,9 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { String id = (String)wser.get(WSSecurityEngineResult.TAG_ID); if (actInt.intValue() == WSConstants.ST_SIGNED || actInt.intValue() == WSConstants.ST_UNSIGNED) { - ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC); - ZonedDateTime expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L); - SecurityToken tempTok = new SecurityToken(id, created.toInstant(), expires.toInstant()); + Instant created = Instant.now(); + Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L); + SecurityToken tempTok = new SecurityToken(id, created, expires); tempTok.setSecret((byte[])wser.get(WSSecurityEngineResult.TAG_SECRET)); tempTok.setX509Certificate( (X509Certificate)wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE), null http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java index 8aa4ea2..6c80607 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java @@ -19,8 +19,7 @@ package org.apache.cxf.ws.security.wss4j.policyhandlers; -import java.time.ZoneOffset; -import java.time.ZonedDateTime; +import java.time.Instant; import java.util.ArrayList; import java.util.List; @@ -601,10 +600,10 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler { private String setupEncryptedKey(AbstractTokenWrapper wrapper, AbstractToken sigToken) throws WSSecurityException { - ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC); - ZonedDateTime expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L); + Instant created = Instant.now(); + Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L); SecurityToken tempTok = - new SecurityToken(IDGenerator.generateID(null), created.toInstant(), expires.toInstant()); + new SecurityToken(IDGenerator.generateID(null), created, expires); KeyGenerator keyGenerator = KeyUtils.getKeyGenerator(sbinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption()); http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java index 3e06d84..f705f84 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java @@ -19,8 +19,7 @@ package org.apache.cxf.ws.security.wss4j.policyhandlers; -import java.time.ZoneOffset; -import java.time.ZonedDateTime; +import java.time.Instant; import java.util.ArrayList; import java.util.Base64; import java.util.List; @@ -921,13 +920,13 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder { String id = encrKey.getId(); byte[] secret = encrKey.getEphemeralKey(); - ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC); - ZonedDateTime expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L); + Instant created = Instant.now(); + Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L); SecurityToken tempTok = new SecurityToken( id, encrKey.getEncryptedKeyElement(), - created.toInstant(), - expires.toInstant()); + created, + expires); tempTok.setSecret(secret); @@ -965,10 +964,10 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder { String id = usernameToken.getId(); byte[] secret = usernameToken.getDerivedKey(); - ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC); - ZonedDateTime expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L); + Instant created = Instant.now(); + Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L); SecurityToken tempTok = - new SecurityToken(id, usernameToken.getUsernameTokenElement(), created.toInstant(), expires.toInstant()); + new SecurityToken(id, usernameToken.getUsernameTokenElement(), created, expires); tempTok.setSecret(secret); tokenStore.add(tempTok); @@ -980,11 +979,11 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder { WSSecurityEngineResult encryptedKeyResult = getEncryptedKeyResult(); if (encryptedKeyResult != null) { // Store it in the cache - ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC); - ZonedDateTime expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L); + Instant created = Instant.now(); + Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L); String encryptedKeyID = (String)encryptedKeyResult.get(WSSecurityEngineResult.TAG_ID); - SecurityToken securityToken = new SecurityToken(encryptedKeyID, created.toInstant(), expires.toInstant()); + SecurityToken securityToken = new SecurityToken(encryptedKeyID, created, expires); securityToken.setSecret((byte[])encryptedKeyResult.get(WSSecurityEngineResult.TAG_SECRET)); securityToken.setSHA1(getSHA1((byte[])encryptedKeyResult .get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY))); @@ -1010,9 +1009,9 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder { if (utID == null || utID.length() == 0) { utID = wssConfig.getIdAllocator().createId("UsernameToken-", null); } - ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC); - ZonedDateTime expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L); - SecurityToken securityToken = new SecurityToken(utID, created.toInstant(), expires.toInstant()); + Instant created = Instant.now(); + Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L); + SecurityToken securityToken = new SecurityToken(utID, created, expires); byte[] secret = (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET); securityToken.setSecret(secret); http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java index a8ef6fe..ff9b311 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java @@ -19,8 +19,7 @@ package org.apache.cxf.ws.security.wss4j.policyhandlers; -import java.time.ZoneOffset; -import java.time.ZonedDateTime; +import java.time.Instant; import java.util.ArrayList; import java.util.Collection; import java.util.List; @@ -329,12 +328,12 @@ public class TransportBindingHandler extends AbstractBindingBuilder { String id = usernameToken.getId(); byte[] secret = usernameToken.getDerivedKey(); - ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC); - ZonedDateTime expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L); + Instant created = Instant.now(); + Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L); SecurityToken tempTok = new SecurityToken(id, usernameToken.getUsernameTokenElement(), - created.toInstant(), - expires.toInstant()); + created, + expires); tempTok.setSecret(secret); getTokenStore().add(tempTok); message.put(SecurityConstants.TOKEN_ID, tempTok.getId()); http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/rt/ws/security/src/test/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStoreTest.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStoreTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStoreTest.java index faba41e..2edfd87 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStoreTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStoreTest.java @@ -18,8 +18,7 @@ */ package org.apache.cxf.ws.security.tokenstore; -import java.time.ZoneOffset; -import java.time.ZonedDateTime; +import java.time.Instant; import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageImpl; @@ -76,8 +75,8 @@ public class MemoryTokenStoreTest extends org.junit.Assert { public void testTokenExpiry() { SecurityToken token = new SecurityToken(); - ZonedDateTime expires = ZonedDateTime.now(ZoneOffset.UTC).plusMinutes(5L); - token.setExpires(expires.toInstant()); + Instant expires = Instant.now().plusSeconds(5L * 60L); + token.setExpires(expires); assertFalse(token.isExpired()); assertFalse(token.isAboutToExpire(100L)); http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCastTokenStore.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCastTokenStore.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCastTokenStore.java index c847e4d..28ab73a 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCastTokenStore.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/HazelCastTokenStore.java @@ -21,8 +21,6 @@ package org.apache.cxf.sts.cache; import java.time.Duration; import java.time.Instant; -import java.time.ZoneOffset; -import java.time.ZonedDateTime; import java.util.Collection; import java.util.concurrent.TimeUnit; @@ -129,12 +127,12 @@ public class HazelCastTokenStore implements TokenStore { int parsedTTL = 0; if (token.getExpires() != null) { Instant expires = token.getExpires(); - ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC); - if (expires.isBefore(now.toInstant())) { + Instant now = Instant.now(); + if (expires.isBefore(now)) { return 0; } - Duration duration = Duration.between(now.toInstant(), expires); + Duration duration = Duration.between(now, expires); parsedTTL = (int)duration.getSeconds(); if (duration.getSeconds() != (long)parsedTTL || parsedTTL > MAX_TTL) { http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java index 816bf91..991e07e 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java @@ -22,7 +22,6 @@ package org.apache.cxf.sts.operation; import java.security.Principal; import java.time.Instant; import java.time.ZoneOffset; -import java.time.ZonedDateTime; import java.util.ArrayList; import java.util.List; import java.util.Map; @@ -296,20 +295,20 @@ public abstract class AbstractOperation { AttributedDateTime created = QNameConstants.UTIL_FACTORY.createAttributedDateTime(); AttributedDateTime expires = QNameConstants.UTIL_FACTORY.createAttributedDateTime(); - ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC); - ZonedDateTime creationTime = now; - if (tokenCreated != null) { - creationTime = ZonedDateTime.ofInstant(tokenCreated, ZoneOffset.UTC); + Instant now = Instant.now(); + Instant creationTime = tokenCreated; + if (tokenCreated == null) { + creationTime = now; } - long lifeTimeOfToken = 300L; - ZonedDateTime expirationTime = now.plusSeconds(lifeTimeOfToken); - if (tokenExpires != null) { - expirationTime = ZonedDateTime.ofInstant(tokenExpires, ZoneOffset.UTC); + Instant expirationTime = tokenExpires; + if (tokenExpires == null) { + long lifeTimeOfToken = 300L; + expirationTime = now.plusSeconds(lifeTimeOfToken); } - created.setValue(DateUtil.getDateTimeFormatter(true).format(creationTime)); - expires.setValue(DateUtil.getDateTimeFormatter(true).format(expirationTime)); + created.setValue(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); + expires.setValue(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); if (LOG.isLoggable(Level.FINE)) { LOG.fine("Token lifetime creation: " + created.getValue()); LOG.fine("Token lifetime expiration: " + expires.getValue()); http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java index 05bc25c..e6ec9d1 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java @@ -19,7 +19,7 @@ package org.apache.cxf.sts.token.provider; import java.time.Duration; -import java.time.ZoneOffset; +import java.time.Instant; import java.time.ZonedDateTime; import java.time.format.DateTimeParseException; import java.util.ArrayList; @@ -141,11 +141,11 @@ public class DefaultConditionsProvider implements ConditionsProvider { if (lifetime > 0) { if (acceptClientLifetime && tokenLifetime != null && tokenLifetime.getCreated() != null && tokenLifetime.getExpires() != null) { - ZonedDateTime creationTime = null; - ZonedDateTime expirationTime = null; + Instant creationTime = null; + Instant expirationTime = null; try { - creationTime = ZonedDateTime.parse(tokenLifetime.getCreated()); - expirationTime = ZonedDateTime.parse(tokenLifetime.getExpires()); + creationTime = ZonedDateTime.parse(tokenLifetime.getCreated()).toInstant(); + expirationTime = ZonedDateTime.parse(tokenLifetime.getExpires()).toInstant(); } catch (DateTimeParseException ex) { LOG.fine("Error in parsing Timestamp Created or Expiration Strings"); throw new STSException( @@ -155,7 +155,7 @@ public class DefaultConditionsProvider implements ConditionsProvider { } // Check to see if the created time is in the future - ZonedDateTime validCreation = ZonedDateTime.now(ZoneOffset.UTC); + Instant validCreation = Instant.now(); if (futureTimeToLive > 0) { validCreation = validCreation.plusSeconds(futureTimeToLive); } http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java index d875b04..2cbd37a 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java @@ -19,8 +19,7 @@ package org.apache.cxf.sts.token.provider; -import java.time.ZoneOffset; -import java.time.ZonedDateTime; +import java.time.Instant; import java.util.HashMap; import java.util.Map; import java.util.logging.Level; @@ -135,16 +134,16 @@ public class SCTProvider implements TokenProvider { response.setComputedKey(keyHandler.isComputedKey()); // putting the secret key into the cache - ZonedDateTime created = ZonedDateTime.now(ZoneOffset.UTC); - response.setCreated(created.toInstant()); - ZonedDateTime expires = null; + Instant created = Instant.now(); + response.setCreated(created); + Instant expires = null; if (lifetime > 0) { expires = created.plusSeconds(lifetime); - response.setExpires(expires.toInstant()); + response.setExpires(expires); } SecurityToken token = - new SecurityToken(sct.getIdentifier(), created.toInstant(), expires.toInstant()); + new SecurityToken(sct.getIdentifier(), created, expires); token.setSecret(keyHandler.getSecret()); token.setPrincipal(tokenParameters.getPrincipal()); http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java index 3b26f0d..92c7b32b 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java @@ -20,7 +20,7 @@ package org.apache.cxf.sts.token.provider.jwt; import java.security.Principal; import java.time.Duration; -import java.time.ZoneOffset; +import java.time.Instant; import java.time.ZonedDateTime; import java.time.format.DateTimeParseException; import java.util.ArrayList; @@ -168,8 +168,8 @@ public class DefaultJWTClaimsProvider implements JWTClaimsProvider { protected void handleConditions(JWTClaimsProviderParameters jwtClaimsProviderParameters, JwtClaims claims) { TokenProviderParameters providerParameters = jwtClaimsProviderParameters.getProviderParameters(); - ZonedDateTime currentDate = ZonedDateTime.now(ZoneOffset.UTC); - long currentTime = currentDate.toEpochSecond(); + Instant currentDate = Instant.now(); + long currentTime = currentDate.getEpochSecond(); // Set the defaults first claims.setIssuedAt(currentTime); @@ -179,11 +179,11 @@ public class DefaultJWTClaimsProvider implements JWTClaimsProvider { Lifetime tokenLifetime = providerParameters.getTokenRequirements().getLifetime(); if (lifetime > 0 && acceptClientLifetime && tokenLifetime != null && tokenLifetime.getCreated() != null && tokenLifetime.getExpires() != null) { - ZonedDateTime creationTime = null; - ZonedDateTime expirationTime = null; + Instant creationTime = null; + Instant expirationTime = null; try { - creationTime = ZonedDateTime.parse(tokenLifetime.getCreated()); - expirationTime = ZonedDateTime.parse(tokenLifetime.getExpires()); + creationTime = ZonedDateTime.parse(tokenLifetime.getCreated()).toInstant(); + expirationTime = ZonedDateTime.parse(tokenLifetime.getExpires()).toInstant(); } catch (DateTimeParseException ex) { LOG.fine("Error in parsing Timestamp Created or Expiration Strings"); throw new STSException( @@ -193,7 +193,7 @@ public class DefaultJWTClaimsProvider implements JWTClaimsProvider { } // Check to see if the created time is in the future - ZonedDateTime validCreation = ZonedDateTime.now(ZoneOffset.UTC); + Instant validCreation = Instant.now(); if (futureTimeToLive > 0) { validCreation = validCreation.plusSeconds(futureTimeToLive); } @@ -217,10 +217,10 @@ public class DefaultJWTClaimsProvider implements JWTClaimsProvider { } } - long creationTimeInSeconds = creationTime.toEpochSecond(); + long creationTimeInSeconds = creationTime.getEpochSecond(); claims.setIssuedAt(creationTimeInSeconds); claims.setNotBefore(creationTimeInSeconds); - claims.setExpiryTime(expirationTime.toEpochSecond()); + claims.setExpiryTime(expirationTime.getEpochSecond()); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueUnitTest.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueUnitTest.java index 3bdd11c..555ddfe 100644 --- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueUnitTest.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueUnitTest.java @@ -18,8 +18,8 @@ */ package org.apache.cxf.sts.operation; +import java.time.Instant; import java.time.ZoneOffset; -import java.time.ZonedDateTime; import java.util.ArrayList; import java.util.Collections; import java.util.List; @@ -465,11 +465,11 @@ public class IssueUnitTest extends org.junit.Assert { if (lifetime <= 0) { lifetime = 300L; } - ZonedDateTime creationTime = ZonedDateTime.now(ZoneOffset.UTC); - ZonedDateTime expirationTime = creationTime.plusSeconds(lifetime); + Instant creationTime = Instant.now(); + Instant expirationTime = creationTime.plusSeconds(lifetime); - created.setValue(DateUtil.getDateTimeFormatter(true).format(creationTime)); - expires.setValue(DateUtil.getDateTimeFormatter(true).format(expirationTime)); + created.setValue(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); + expires.setValue(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); LifetimeType lifetimeType = QNameConstants.WS_TRUST_FACTORY.createLifetimeType(); lifetimeType.setCreated(created); http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/RenewSamlUnitTest.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/RenewSamlUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/RenewSamlUnitTest.java index 89305c4..e9ca631 100644 --- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/RenewSamlUnitTest.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/RenewSamlUnitTest.java @@ -19,8 +19,8 @@ package org.apache.cxf.sts.operation; import java.security.Principal; +import java.time.Instant; import java.time.ZoneOffset; -import java.time.ZonedDateTime; import java.util.ArrayList; import java.util.List; import java.util.Properties; @@ -502,11 +502,11 @@ public class RenewSamlUnitTest extends org.junit.Assert { if (ttlMs != 0) { Lifetime lifetime = new Lifetime(); - ZonedDateTime creationTime = ZonedDateTime.now(ZoneOffset.UTC); - ZonedDateTime expirationTime = creationTime.plusNanos(ttlMs * 1000000L); + Instant creationTime = Instant.now(); + Instant expirationTime = creationTime.plusNanos(ttlMs * 1000000L); - lifetime.setCreated(DateUtil.getDateTimeFormatter(true).format(creationTime)); - lifetime.setExpires(DateUtil.getDateTimeFormatter(true).format(expirationTime)); + lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); + lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); providerParameters.getTokenRequirements().setLifetime(lifetime); } http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTProviderLifetimeTest.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTProviderLifetimeTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTProviderLifetimeTest.java index 8f21291..e017c24 100644 --- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTProviderLifetimeTest.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTProviderLifetimeTest.java @@ -19,8 +19,8 @@ package org.apache.cxf.sts.token.provider; import java.time.Duration; +import java.time.Instant; import java.time.ZoneOffset; -import java.time.ZonedDateTime; import java.util.Properties; import org.apache.cxf.jaxws.context.WrappedMessageContext; @@ -65,12 +65,12 @@ public class JWTProviderLifetimeTest extends org.junit.Assert { createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE); // Set expected lifetime to 1 minute - ZonedDateTime creationTime = ZonedDateTime.now(ZoneOffset.UTC); - ZonedDateTime expirationTime = creationTime.plusSeconds(requestedLifetime); + Instant creationTime = Instant.now(); + Instant expirationTime = creationTime.plusSeconds(requestedLifetime); Lifetime lifetime = new Lifetime(); - lifetime.setCreated(DateUtil.getDateTimeFormatter(true).format(creationTime)); - lifetime.setExpires(DateUtil.getDateTimeFormatter(true).format(expirationTime)); + lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); + lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); providerParameters.getTokenRequirements().setLifetime(lifetime); @@ -137,13 +137,13 @@ public class JWTProviderLifetimeTest extends org.junit.Assert { TokenProviderParameters providerParameters = createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE); // Set expected lifetime to 35 minutes - ZonedDateTime creationTime = ZonedDateTime.now(ZoneOffset.UTC); + Instant creationTime = Instant.now(); long requestedLifetime = 35 * 60L; - ZonedDateTime expirationTime = creationTime.plusSeconds(requestedLifetime); + Instant expirationTime = creationTime.plusSeconds(requestedLifetime); Lifetime lifetime = new Lifetime(); - lifetime.setCreated(DateUtil.getDateTimeFormatter(true).format(creationTime)); - lifetime.setExpires(DateUtil.getDateTimeFormatter(true).format(expirationTime)); + lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); + lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); providerParameters.getTokenRequirements().setLifetime(lifetime); @@ -171,13 +171,13 @@ public class JWTProviderLifetimeTest extends org.junit.Assert { createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE); // Set expected lifetime to Default max lifetime plus 1 - ZonedDateTime creationTime = ZonedDateTime.now(ZoneOffset.UTC); + Instant creationTime = Instant.now(); long requestedLifetime = DefaultConditionsProvider.DEFAULT_MAX_LIFETIME + 1; - ZonedDateTime expirationTime = creationTime.plusSeconds(requestedLifetime); + Instant expirationTime = creationTime.plusSeconds(requestedLifetime); Lifetime lifetime = new Lifetime(); - lifetime.setCreated(DateUtil.getDateTimeFormatter(true).format(creationTime)); - lifetime.setExpires(DateUtil.getDateTimeFormatter(true).format(expirationTime)); + lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); + lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); providerParameters.getTokenRequirements().setLifetime(lifetime); @@ -209,13 +209,13 @@ public class JWTProviderLifetimeTest extends org.junit.Assert { createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE); // Set expected lifetime to 35 minutes - ZonedDateTime creationTime = ZonedDateTime.now(ZoneOffset.UTC); + Instant creationTime = Instant.now(); long requestedLifetime = 35 * 60L; - ZonedDateTime expirationTime = creationTime.plusSeconds(requestedLifetime); + Instant expirationTime = creationTime.plusSeconds(requestedLifetime); Lifetime lifetime = new Lifetime(); - lifetime.setCreated(DateUtil.getDateTimeFormatter(true).format(creationTime)); - lifetime.setExpires(DateUtil.getDateTimeFormatter(true).format(expirationTime)); + lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); + lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); providerParameters.getTokenRequirements().setLifetime(lifetime); @@ -250,13 +250,13 @@ public class JWTProviderLifetimeTest extends org.junit.Assert { createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE); // Set expected lifetime to 1 minute - ZonedDateTime creationTime = ZonedDateTime.now(ZoneOffset.UTC); - ZonedDateTime expirationTime = creationTime.plusSeconds(requestedLifetime); + Instant creationTime = Instant.now(); + Instant expirationTime = creationTime.plusSeconds(requestedLifetime); creationTime = creationTime.plusSeconds(10); Lifetime lifetime = new Lifetime(); - lifetime.setCreated(DateUtil.getDateTimeFormatter(true).format(creationTime)); - lifetime.setExpires(DateUtil.getDateTimeFormatter(true).format(expirationTime)); + lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); + lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); providerParameters.getTokenRequirements().setLifetime(lifetime); @@ -291,12 +291,12 @@ public class JWTProviderLifetimeTest extends org.junit.Assert { createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE); // Set expected lifetime to 1 minute - ZonedDateTime creationTime = ZonedDateTime.now(ZoneOffset.UTC).plusSeconds(120L); - ZonedDateTime expirationTime = creationTime.plusSeconds(requestedLifetime); + Instant creationTime = Instant.now().plusSeconds(120L); + Instant expirationTime = creationTime.plusSeconds(requestedLifetime); Lifetime lifetime = new Lifetime(); - lifetime.setCreated(DateUtil.getDateTimeFormatter(true).format(creationTime)); - lifetime.setExpires(DateUtil.getDateTimeFormatter(true).format(expirationTime)); + lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); + lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); providerParameters.getTokenRequirements().setLifetime(lifetime); @@ -338,10 +338,10 @@ public class JWTProviderLifetimeTest extends org.junit.Assert { createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE); // Set expected lifetime to 1 minute - ZonedDateTime creationTime = ZonedDateTime.now(ZoneOffset.UTC).plusSeconds(120L); + Instant creationTime = Instant.now().plusSeconds(120L); Lifetime lifetime = new Lifetime(); - lifetime.setCreated(DateUtil.getDateTimeFormatter(true).format(creationTime)); + lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); providerParameters.getTokenRequirements().setLifetime(lifetime); http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderLifetimeTest.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderLifetimeTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderLifetimeTest.java index 97dce88..24e1cd1 100644 --- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderLifetimeTest.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderLifetimeTest.java @@ -19,8 +19,8 @@ package org.apache.cxf.sts.token.provider; import java.time.Duration; +import java.time.Instant; import java.time.ZoneOffset; -import java.time.ZonedDateTime; import java.util.Properties; import org.w3c.dom.Element; @@ -68,11 +68,11 @@ public class SAMLProviderLifetimeTest extends org.junit.Assert { // Set expected lifetime to 1 minute Lifetime lifetime = new Lifetime(); - ZonedDateTime creationTime = ZonedDateTime.now(ZoneOffset.UTC); - ZonedDateTime expirationTime = creationTime.plusSeconds(requestedLifetime); + Instant creationTime = Instant.now(); + Instant expirationTime = creationTime.plusSeconds(requestedLifetime); - lifetime.setCreated(DateUtil.getDateTimeFormatter(true).format(creationTime)); - lifetime.setExpires(DateUtil.getDateTimeFormatter(true).format(expirationTime)); + lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); + lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); providerParameters.getTokenRequirements().setLifetime(lifetime); assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE)); @@ -138,13 +138,13 @@ public class SAMLProviderLifetimeTest extends org.junit.Assert { ); // Set expected lifetime to 35 minutes - ZonedDateTime creationTime = ZonedDateTime.now(ZoneOffset.UTC); + Instant creationTime = Instant.now(); long requestedLifetime = 35 * 60L; - ZonedDateTime expirationTime = creationTime.plusSeconds(requestedLifetime); + Instant expirationTime = creationTime.plusSeconds(requestedLifetime); Lifetime lifetime = new Lifetime(); - lifetime.setCreated(DateUtil.getDateTimeFormatter(true).format(creationTime)); - lifetime.setExpires(DateUtil.getDateTimeFormatter(true).format(expirationTime)); + lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); + lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); providerParameters.getTokenRequirements().setLifetime(lifetime); assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE)); @@ -175,13 +175,13 @@ public class SAMLProviderLifetimeTest extends org.junit.Assert { ); // Set expected lifetime to Default max lifetime plus 1 - ZonedDateTime creationTime = ZonedDateTime.now(ZoneOffset.UTC); + Instant creationTime = Instant.now(); long requestedLifetime = DefaultConditionsProvider.DEFAULT_MAX_LIFETIME + 1; - ZonedDateTime expirationTime = creationTime.plusSeconds(requestedLifetime); + Instant expirationTime = creationTime.plusSeconds(requestedLifetime); Lifetime lifetime = new Lifetime(); - lifetime.setCreated(DateUtil.getDateTimeFormatter(true).format(creationTime)); - lifetime.setExpires(DateUtil.getDateTimeFormatter(true).format(expirationTime)); + lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); + lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); providerParameters.getTokenRequirements().setLifetime(lifetime); assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE)); @@ -216,13 +216,13 @@ public class SAMLProviderLifetimeTest extends org.junit.Assert { ); // Set expected lifetime to 35 minutes - ZonedDateTime creationTime = ZonedDateTime.now(ZoneOffset.UTC); + Instant creationTime = Instant.now(); long requestedLifetime = 35 * 60L; - ZonedDateTime expirationTime = creationTime.plusSeconds(requestedLifetime); + Instant expirationTime = creationTime.plusSeconds(requestedLifetime); Lifetime lifetime = new Lifetime(); - lifetime.setCreated(DateUtil.getDateTimeFormatter(true).format(creationTime)); - lifetime.setExpires(DateUtil.getDateTimeFormatter(true).format(expirationTime)); + lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); + lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); providerParameters.getTokenRequirements().setLifetime(lifetime); @@ -257,13 +257,13 @@ public class SAMLProviderLifetimeTest extends org.junit.Assert { ); // Set expected lifetime to 1 minute - ZonedDateTime creationTime = ZonedDateTime.now(ZoneOffset.UTC); - ZonedDateTime expirationTime = creationTime.plusSeconds(requestedLifetime); + Instant creationTime = Instant.now(); + Instant expirationTime = creationTime.plusSeconds(requestedLifetime); creationTime = creationTime.plusSeconds(10L); Lifetime lifetime = new Lifetime(); - lifetime.setCreated(DateUtil.getDateTimeFormatter(true).format(creationTime)); - lifetime.setExpires(DateUtil.getDateTimeFormatter(true).format(expirationTime)); + lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); + lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); providerParameters.getTokenRequirements().setLifetime(lifetime); @@ -298,12 +298,12 @@ public class SAMLProviderLifetimeTest extends org.junit.Assert { ); // Set expected lifetime to 1 minute - ZonedDateTime creationTime = ZonedDateTime.now(ZoneOffset.UTC).plusSeconds(120L); - ZonedDateTime expirationTime = creationTime.plusSeconds(requestedLifetime); + Instant creationTime = Instant.now().plusSeconds(120L); + Instant expirationTime = creationTime.plusSeconds(requestedLifetime); Lifetime lifetime = new Lifetime(); - lifetime.setCreated(DateUtil.getDateTimeFormatter(true).format(creationTime)); - lifetime.setExpires(DateUtil.getDateTimeFormatter(true).format(expirationTime)); + lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); + lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); providerParameters.getTokenRequirements().setLifetime(lifetime); @@ -344,10 +344,10 @@ public class SAMLProviderLifetimeTest extends org.junit.Assert { ); // Set expected lifetime to 1 minute - ZonedDateTime creationTime = ZonedDateTime.now(ZoneOffset.UTC).plusSeconds(120L); + Instant creationTime = Instant.now().plusSeconds(120L); Lifetime lifetime = new Lifetime(); - lifetime.setCreated(DateUtil.getDateTimeFormatter(true).format(creationTime)); + lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); providerParameters.getTokenRequirements().setLifetime(lifetime); http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerLifetimeTest.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerLifetimeTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerLifetimeTest.java index ae9efb5..b1c3d4b 100644 --- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerLifetimeTest.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerLifetimeTest.java @@ -19,8 +19,8 @@ package org.apache.cxf.sts.token.renewer; import java.time.Duration; +import java.time.Instant; import java.time.ZoneOffset; -import java.time.ZonedDateTime; import java.util.Properties; import javax.security.auth.callback.CallbackHandler; @@ -84,12 +84,12 @@ public class SAMLTokenRenewerLifetimeTest extends org.junit.Assert { TokenRenewerParameters renewerParameters = createRenewerParameters(); // Set expected lifetime to 1 minute - ZonedDateTime creationTime = ZonedDateTime.now(ZoneOffset.UTC); - ZonedDateTime expirationTime = creationTime.plusSeconds(requestedLifetime); + Instant creationTime = Instant.now(); + Instant expirationTime = creationTime.plusSeconds(requestedLifetime); Lifetime lifetime = new Lifetime(); - lifetime.setCreated(DateUtil.getDateTimeFormatter(true).format(creationTime)); - lifetime.setExpires(DateUtil.getDateTimeFormatter(true).format(expirationTime)); + lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); + lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); renewerParameters.getTokenRequirements().setLifetime(lifetime); @@ -179,13 +179,13 @@ public class SAMLTokenRenewerLifetimeTest extends org.junit.Assert { TokenRenewerParameters renewerParameters = createRenewerParameters(); // Set expected lifetime to 35 minutes - ZonedDateTime creationTime = ZonedDateTime.now(ZoneOffset.UTC); + Instant creationTime = Instant.now(); long requestedLifetime = 35 * 60L; - ZonedDateTime expirationTime = creationTime.plusSeconds(requestedLifetime); + Instant expirationTime = creationTime.plusSeconds(requestedLifetime); Lifetime lifetime = new Lifetime(); - lifetime.setCreated(DateUtil.getDateTimeFormatter(true).format(creationTime)); - lifetime.setExpires(DateUtil.getDateTimeFormatter(true).format(expirationTime)); + lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); + lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); renewerParameters.getTokenRequirements().setLifetime(lifetime); @@ -230,13 +230,13 @@ public class SAMLTokenRenewerLifetimeTest extends org.junit.Assert { TokenRenewerParameters renewerParameters = createRenewerParameters(); // Set expected lifetime to Default max lifetime plus 1 - ZonedDateTime creationTime = ZonedDateTime.now(ZoneOffset.UTC); + Instant creationTime = Instant.now(); long requestedLifetime = DefaultConditionsProvider.DEFAULT_MAX_LIFETIME + 1; - ZonedDateTime expirationTime = creationTime.plusSeconds(requestedLifetime); + Instant expirationTime = creationTime.plusSeconds(requestedLifetime); Lifetime lifetime = new Lifetime(); - lifetime.setCreated(DateUtil.getDateTimeFormatter(true).format(creationTime)); - lifetime.setExpires(DateUtil.getDateTimeFormatter(true).format(expirationTime)); + lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); + lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); renewerParameters.getTokenRequirements().setLifetime(lifetime); @@ -286,13 +286,13 @@ public class SAMLTokenRenewerLifetimeTest extends org.junit.Assert { TokenRenewerParameters renewerParameters = createRenewerParameters(); // Set expected lifetime to 35 minutes - ZonedDateTime creationTime = ZonedDateTime.now(ZoneOffset.UTC); + Instant creationTime = Instant.now(); long requestedLifetime = 35 * 60L; - ZonedDateTime expirationTime = creationTime.plusSeconds(requestedLifetime); + Instant expirationTime = creationTime.plusSeconds(requestedLifetime); Lifetime lifetime = new Lifetime(); - lifetime.setCreated(DateUtil.getDateTimeFormatter(true).format(creationTime)); - lifetime.setExpires(DateUtil.getDateTimeFormatter(true).format(expirationTime)); + lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); + lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); renewerParameters.getTokenRequirements().setLifetime(lifetime); @@ -374,12 +374,12 @@ public class SAMLTokenRenewerLifetimeTest extends org.junit.Assert { providerParameters.getTokenRequirements().setRenewing(renewing); if (ttlMs != 0) { - ZonedDateTime creationTime = ZonedDateTime.now(ZoneOffset.UTC); - ZonedDateTime expirationTime = creationTime.plusNanos(ttlMs * 1000000L); + Instant creationTime = Instant.now(); + Instant expirationTime = creationTime.plusNanos(ttlMs * 1000000L); Lifetime lifetime = new Lifetime(); - lifetime.setCreated(DateUtil.getDateTimeFormatter(true).format(creationTime)); - lifetime.setExpires(DateUtil.getDateTimeFormatter(true).format(expirationTime)); + lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); + lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); providerParameters.getTokenRequirements().setLifetime(lifetime); } http://git-wip-us.apache.org/repos/asf/cxf/blob/06588cac/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerPOPTest.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerPOPTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerPOPTest.java index d50da32..b4ff7d6 100644 --- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerPOPTest.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerPOPTest.java @@ -18,8 +18,8 @@ */ package org.apache.cxf.sts.token.renewer; +import java.time.Instant; import java.time.ZoneOffset; -import java.time.ZonedDateTime; import java.util.ArrayList; import java.util.Collections; import java.util.List; @@ -284,12 +284,13 @@ public class SAMLTokenRenewerPOPTest extends org.junit.Assert { providerParameters.getTokenRequirements().setRenewing(renewing); if (ttlMs != 0) { - ZonedDateTime creationTime = ZonedDateTime.now(ZoneOffset.UTC); - ZonedDateTime expirationTime = creationTime.plusNanos(ttlMs * 1000000L); - Lifetime lifetime = new Lifetime(); - lifetime.setCreated(DateUtil.getDateTimeFormatter(true).format(creationTime)); - lifetime.setExpires(DateUtil.getDateTimeFormatter(true).format(expirationTime)); + + Instant creationTime = Instant.now(); + Instant expirationTime = creationTime.plusNanos(ttlMs * 1000000L); + + lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); + lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); providerParameters.getTokenRequirements().setLifetime(lifetime); }