diff --git a/build.xml b/build.xml
index 8b9b3550d..c5f90d9b8 100644
--- a/build.xml
+++ b/build.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0"?>
-<!-- 
+<!--
 Licensed to the Apache Software Foundation (ASF) under one
 or more contributor license agreements.  See the NOTICE file
 distributed with this work for additional information
@@ -30,7 +30,7 @@ under the License.
         Bruno Girin         brunogirin@gmail.com
 
     This build was tested with ant 1.6.2 although it will probably work with
-    other versions.  The following jar files should be available on the 
+    other versions.  The following jar files should be available on the
     classpath when running ant:
 
     LIBRARY         LOCATION
@@ -44,7 +44,7 @@ under the License.
     To build the documentation you will need to install forrest and set
     the FORREST_HOME environment variable.  Forrest 0.5.1 required.
 
-    Since POI 3.5 you will need JDK 1.5 or newer to build POI. 
+    Since POI 3.5 you will need JDK 1.5 or newer to build POI.
 
     Some people may find the tests hang when run through Ant. If this
     happens to you, try giving Ant some more memory when you run it, eg:
@@ -123,7 +123,7 @@ under the License.
   <property name="ooxml.output.test.dir" location="build/ooxml-test-classes"/>
   <property name="ooxml.testokfile" location="build/ooxml-testokfile.txt"/>
 
-  <!-- The following jars are downloaded by the fetch-ooxml-jars task --> 
+  <!-- The following jars are downloaded by the fetch-ooxml-jars task -->
   <property name="ooxml.dom4j.jar" location="${ooxml.lib}/dom4j-1.6.1.jar"/>
   <property name="ooxml.dom4j.url" value="${repository.m2}/maven2/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar"/>
   <property name="ooxml.xmlbeans.jar" location="${ooxml.lib}/xmlbeans-2.3.0.jar"/>
@@ -142,8 +142,6 @@ under the License.
   <property name="ooxml.xalan.url" value="${repository.m2}/maven2/xalan/xalan/2.7.1/xalan-2.7.1.jar"/>
   <property name="ooxml.xalan-serializer.jar" location="${ooxml.lib}/serializer-2.7.1.jar"/>
   <property name="ooxml.xalan-serializer.url" value="${repository.m2}/maven2/xalan/serializer/2.7.1/serializer-2.7.1.jar"/>
-  <property name="ooxml.joda-time.jar" location="${ooxml.lib}/joda-time-1.6.jar"/>
-  <property name="ooxml.joda-time.url" value="${repository.m2}/maven2/joda-time/joda-time/1.6/joda-time-1.6.jar"/>
   <!-- BouncyCastle is used only for OOXML Digital Signature tests -->
   <property name="ooxml.bcprov.jar" location="${ooxml.lib}/bcprov-jdk15-140.jar"/>
   <property name="ooxml.bcprov.url" value="${repository.m2}/maven2/bouncycastle/bcprov-jdk15/140/bcprov-jdk15-140.jar"/>
@@ -157,7 +155,7 @@ under the License.
 
   <property name="maven.ooxml.xsds.version.id" value="1.0"/>
   <property name="maven.ooxml.xsds.jar" value="ooxml-schemas-${maven.ooxml.xsds.version.id}.jar"/>
-  
+
   <property name="build.site" location="build/tmp/site/build/site"/>
   <property name="build.site.src" location="build/tmp/site"/>
   <property name="junit.report.dir" location="${build.site}/junit"/>
@@ -175,12 +173,12 @@ under the License.
   <property name="jdk.version.source" value="1.5"
     description="JDK version of source code"/>
   <property name="jdk.version.class" value="1.5"
-    description="JDK version of generated class files"/>  
+    description="JDK version of generated class files"/>
 
     <path id="main.classpath">
-        <fileset dir="${main.lib}"> 
-           <include name="*.jar"/> 
-        </fileset> 
+        <fileset dir="${main.lib}">
+           <include name="*.jar"/>
+        </fileset>
         <pathelement location="${main.resource1.dir}"/>
     </path>
 
@@ -224,7 +222,7 @@ under the License.
         <pathelement location="${ooxml.output.dir}"/>
         <pathelement location="${ooxml.output.test.dir}"/>
         <pathelement location="${main.output.test.dir}"/> <!-- ooxml tests use some utilities from main tests -->
-        <pathelement location="${scratchpad.output.test.dir}"/> 
+        <pathelement location="${scratchpad.output.test.dir}"/>
         <pathelement location="${junit.jar1.dir}"/>
         <pathelement location="${ooxml.src.test}"/>
     </path>
@@ -290,7 +288,7 @@ under the License.
 
         <available resource="clovertasks" property="clover.present"/>
         <antcall target="with.clover"/>
-        
+
         <mkdir dir="build"/>
         <mkdir dir="build/non-ant-classes"/>
         <mkdir dir="${main.output.dir}"/>
@@ -375,7 +373,6 @@ under the License.
                     <available file="${ooxml.xmlsec.jar}"/>
                     <available file="${ooxml.xalan.jar}"/>
                     <available file="${ooxml.xalan-serializer.jar}"/>
-                    <available file="${ooxml.joda-time.jar}"/>
                     <available file="${ooxml.bcprov.jar}"/>
                 </and>
                 <isset property="disconnected"/>
@@ -419,10 +416,6 @@ under the License.
         <param name="sourcefile" value="${ooxml.xalan-serializer.url}"/>
         <param name="destfile" value="${ooxml.xalan-serializer.jar}"/>
       </antcall>
-      <antcall target="downloadfile">
-        <param name="sourcefile" value="${ooxml.joda-time.url}"/>
-        <param name="destfile" value="${ooxml.joda-time.jar}"/>
-      </antcall>
       <antcall target="downloadfile">
         <param name="sourcefile" value="${ooxml.bcprov.url}"/>
         <param name="destfile" value="${ooxml.bcprov.jar}"/>
@@ -482,7 +475,7 @@ under the License.
 		</xmlbean>
 	</target>
 
-  <target name="compile" depends="init, compile-main, 
+  <target name="compile" depends="init, compile-main,
     compile-scratchpad, compile-contrib, compile-examples, compile-scratchpad-examples"
     description="Compiles the POI main classes, scratchpad, contrib, examples, and scratchpad examples"/>
 
@@ -605,7 +598,7 @@ under the License.
 	<!-- Generate the .java file -->
 	<property name="version.java" value="${main.output.dir}/org/apache/poi/Version.java" />
 	<delete file="${version.java}" />
-	<copy 
+	<copy
 		file="src/resources/version/Version.java.template"
 		tofile="${version.java}">
 		<filterset>
@@ -638,9 +631,9 @@ under the License.
     <junit fork="yes" forkmode="once" printsummary="yes" haltonfailure="${halt.on.test.failure}"
       failureproperty="main.test.failed" showoutput="true">
       <classpath refid="test.classpath"/>
-      <sysproperty key="user.language" value="en"/> 
-      <sysproperty key="user.country" value="US"/> 
-      <sysproperty key="POI.testdata.path" file="${poi.test.dir}"/> 
+      <sysproperty key="user.language" value="en"/>
+      <sysproperty key="user.country" value="US"/>
+      <sysproperty key="POI.testdata.path" file="${poi.test.dir}"/>
       <sysproperty key="java.awt.headless" value="true"/>
       <formatter type="plain"/>
       <formatter type="xml"/>
@@ -669,9 +662,9 @@ under the License.
         <pathelement location="${scratchpad.output.test.dir}"/>
         <pathelement location="${junit.jar1.dir}"/>
       </classpath>
-      <sysproperty key="user.language" value="en"/> 
-      <sysproperty key="user.country" value="US"/> 
-      <sysproperty key="POI.testdata.path" file="${poi.test.dir}"/> 
+      <sysproperty key="user.language" value="en"/>
+      <sysproperty key="user.country" value="US"/>
+      <sysproperty key="POI.testdata.path" file="${poi.test.dir}"/>
       <sysproperty key="java.awt.headless" value="true"/>
       <formatter type="plain" usefile="no"/>
       <batchtest todir="${main.reports.test}">
@@ -681,7 +674,7 @@ under the License.
         </fileset>
       </batchtest>
     </junit>
-  </target>        
+  </target>
 
 
 
@@ -695,9 +688,9 @@ under the License.
               <pathelement location="${scratchpad.output.test.dir}"/>
               <pathelement location="${junit.jar1.dir}"/>
             </classpath>
-            <sysproperty key="user.language" value="en"/> 
-            <sysproperty key="user.country" value="US"/> 
-            <sysproperty key="POI.testdata.path" file="${poi.test.dir}"/> 
+            <sysproperty key="user.language" value="en"/>
+            <sysproperty key="user.country" value="US"/>
+            <sysproperty key="POI.testdata.path" file="${poi.test.dir}"/>
             <sysproperty key="java.awt.headless" value="true"/>
             <formatter type="plain" usefile="no"/>
             <formatter type="xml"/>
@@ -731,9 +724,9 @@ under the License.
                 <pathelement location="${scratchpad.output.test.dir}"/>
                 <pathelement location="${junit.jar1.dir}"/>
             </classpath>
-            <sysproperty key="user.language" value="en"/> 
-            <sysproperty key="user.country" value="US"/> 
-            <sysproperty key="POI.testdata.path" file="${poi.test.dir}"/> 
+            <sysproperty key="user.language" value="en"/>
+            <sysproperty key="user.country" value="US"/>
+            <sysproperty key="POI.testdata.path" file="${poi.test.dir}"/>
             <sysproperty key="java.awt.headless" value="true"/>
             <formatter type="plain"/>
             <formatter type="xml"/>
@@ -762,9 +755,9 @@ under the License.
 	            <pathelement location="${scratchpad.output.test.dir}"/>
 	            <pathelement location="${junit.jar1.dir}"/>
 	        </classpath>
-              <sysproperty key="user.language" value="en"/> 
-              <sysproperty key="user.country" value="US"/> 
-              <sysproperty key="POI.testdata.path" file="${poi.test.dir}"/> 
+              <sysproperty key="user.language" value="en"/>
+              <sysproperty key="user.country" value="US"/>
+              <sysproperty key="POI.testdata.path" file="${poi.test.dir}"/>
 	            <sysproperty key="java.awt.headless" value="true"/>
 	            <sysproperty key="java.awt.headless" value="true"/>
 	            <formatter type="plain" usefile="no"/>
@@ -772,7 +765,7 @@ under the License.
 	            <test name="${testcase}"/>
 	        </junit>
 	    </target>
-	
+
     <target name="-test-contrib-check">
         <uptodate property="contrib.test.notRequired" targetfile="${contrib.testokfile}">
             <srcfiles dir="${contrib.src}"/>
@@ -789,8 +782,8 @@ under the License.
                 <pathelement location="${contrib.output.test.dir}"/>
                 <pathelement location="${junit.jar1.dir}"/>
             </classpath>
-            <sysproperty key="user.language" value="en"/> 
-            <sysproperty key="user.country" value="US"/> 
+            <sysproperty key="user.language" value="en"/>
+            <sysproperty key="user.country" value="US"/>
             <sysproperty key="java.awt.headless" value="true"/>
             <formatter type="plain"/>
             <formatter type="xml"/>
@@ -819,9 +812,9 @@ under the License.
     <target name="test-ooxml" depends="compile-main,compile-ooxml,-test-ooxml-check" unless="ooxml.test.notRequired">
         <junit printsummary="yes" fork="yes" forkmode="once" haltonfailure="${halt.on.test.failure}" failureproperty="ooxml.test.failed">
             <classpath refid="test.ooxml.classpath" />
-            <sysproperty key="user.language" value="en"/> 
-            <sysproperty key="user.country" value="US"/> 
-            <sysproperty key="POI.testdata.path" file="${poi.test.dir}"/> 
+            <sysproperty key="user.language" value="en"/>
+            <sysproperty key="user.country" value="US"/>
+            <sysproperty key="POI.testdata.path" file="${poi.test.dir}"/>
             <sysproperty key="java.awt.headless" value="true"/>
             <formatter type="plain"/>
             <formatter type="xml"/>
@@ -843,9 +836,9 @@ under the License.
     <target name="single-test-ooxml" depends="-test-property-check,compile-main,compile-ooxml" description="Runs a single ooxml test case specified with -Dtestcase=classname">
         <junit printsummary="yes" showoutput="true" filtertrace="no" haltonfailure="false" >
             <classpath refid="test.ooxml.classpath" />
-            <sysproperty key="user.language" value="en"/> 
-            <sysproperty key="user.country" value="US"/> 
-            <sysproperty key="POI.testdata.path" file="${poi.test.dir}"/> 
+            <sysproperty key="user.language" value="en"/>
+            <sysproperty key="user.country" value="US"/>
+            <sysproperty key="POI.testdata.path" file="${poi.test.dir}"/>
             <sysproperty key="java.awt.headless" value="true"/>
             <formatter type="plain" usefile="no"/>
             <formatter type="xml"/>
@@ -1094,7 +1087,7 @@ FORREST_HOME environment variable!</echo>
                 <attribute name="Implementation-Title" value="Apache POI"/>
                 <attribute name="Implementation-Version" value="${version.id}-${DSTAMP}"/>
                 <attribute name="Implementation-Vendor" value="Apache"/>
-            </manifest>        
+            </manifest>
         </jar>
         <jar destfile="${dist.dir}/${jar.name}-contrib-${version.id}-${DSTAMP}.jar">
 			      <fileset dir="${contrib.output.dir}" />
@@ -1107,7 +1100,7 @@ FORREST_HOME environment variable!</echo>
                 <attribute name="Implementation-Title" value="Apache POI"/>
                 <attribute name="Implementation-Version" value="${version.id}-${DSTAMP}"/>
                 <attribute name="Implementation-Vendor" value="Apache"/>
-            </manifest>        
+            </manifest>
         </jar>
         <jar destfile="${dist.dir}/${jar.name}-scratchpad-${version.id}-${DSTAMP}.jar">
       			<fileset dir="${scratchpad.output.dir}" />
@@ -1120,7 +1113,7 @@ FORREST_HOME environment variable!</echo>
                 <attribute name="Implementation-Title" value="Apache POI"/>
                 <attribute name="Implementation-Version" value="${version.id}-${DSTAMP}"/>
                 <attribute name="Implementation-Vendor" value="Apache"/>
-            </manifest>        
+            </manifest>
         </jar>
         <jar destfile="${dist.dir}/${jar.name}-ooxml-${version.id}-${DSTAMP}.jar">
             <fileset dir="${ooxml.output.dir}" />
@@ -1133,7 +1126,7 @@ FORREST_HOME environment variable!</echo>
                 <attribute name="Implementation-Title" value="Apache POI"/>
                 <attribute name="Implementation-Version" value="${version.id}-${DSTAMP}"/>
                 <attribute name="Implementation-Vendor" value="Apache"/>
-            </manifest>        
+            </manifest>
         </jar>
     </target>
   <target name="jar-examples" depends="compile, compile-version" description="Creates a jar file of the examples, in case people want to use them as-is">
@@ -1148,7 +1141,7 @@ FORREST_HOME environment variable!</echo>
                 <attribute name="Implementation-Title" value="Apache POI"/>
                 <attribute name="Implementation-Version" value="${version.id}-${DSTAMP}"/>
                 <attribute name="Implementation-Vendor" value="Apache"/>
-            </manifest>        
+            </manifest>
         </jar>
     </target>
 
@@ -1251,7 +1244,7 @@ FORREST_HOME environment variable!</echo>
       JDepend is not available. You must download JDepend from
       &lt;http://www.clarkware.com/software/JDepend.html&gt; and include the
       JAR file in your classpath.
-    </echo> 
+    </echo>
     <fail message="JDepend is not available."/>
   </target>
 
diff --git a/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/OOXMLSignatureAspect.java b/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/OOXMLSignatureAspect.java
index df6956664..067dfece8 100644
--- a/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/OOXMLSignatureAspect.java
+++ b/src/ooxml/java/org/apache/poi/ooxml/signature/service/signer/ooxml/OOXMLSignatureAspect.java
@@ -1,4 +1,3 @@
-
 /* ====================================================================
    Licensed to the Apache Software Foundation (ASF) under one or more
    contributor license agreements.  See the NOTICE file distributed with
@@ -29,8 +28,10 @@ import java.io.InputStream;
 import java.net.URL;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.NoSuchAlgorithmException;
+import java.util.Calendar;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.TimeZone;
 import java.util.UUID;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipInputStream;
@@ -57,10 +58,6 @@ import org.apache.poi.ooxml.signature.service.signer.NoCloseInputStream;
 import org.apache.poi.ooxml.signature.service.signer.SignatureAspect;
 import org.apache.xml.security.utils.Constants;
 import org.apache.xpath.XPathAPI;
-import org.joda.time.DateTime;
-import org.joda.time.DateTimeZone;
-import org.joda.time.format.DateTimeFormatter;
-import org.joda.time.format.ISODateTimeFormat;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -73,19 +70,14 @@ import org.xml.sax.SAXException;
 /**
  * Office OpenXML Signature Aspect implementation.
  */
-public class OOXMLSignatureAspect implements SignatureAspect {
+final class OOXMLSignatureAspect implements SignatureAspect {
 
     private static final Log LOG = LogFactory.getLog(OOXMLSignatureAspect.class);
 
-    private final AbstractOOXMLSignatureService signatureService;
+    private final AbstractOOXMLSignatureService _signatureService;
 
-    /**
-     * Main constructor.
-     * 
-     * @param ooxmlUrl
-     */
     public OOXMLSignatureAspect(AbstractOOXMLSignatureService signatureService) {
-        this.signatureService = signatureService;
+        _signatureService = signatureService;
     }
 
     public void preSign(XMLSignatureFactory signatureFactory, Document document, String signatureId, List<Reference> references, List<XMLObject> objects)
@@ -98,7 +90,7 @@ public class OOXMLSignatureAspect implements SignatureAspect {
 
     private void addManifestObject(XMLSignatureFactory signatureFactory, Document document, String signatureId, List<Reference> references,
                                     List<XMLObject> objects) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
-        Manifest manifest = constructManifest(signatureFactory, document);
+        Manifest manifest = constructManifest(signatureFactory);
         String objectId = "idPackageObject"; // really has to be this value.
         List<XMLStructure> objectContent = new LinkedList<XMLStructure>();
         objectContent.add(manifest);
@@ -112,12 +104,12 @@ public class OOXMLSignatureAspect implements SignatureAspect {
         references.add(reference);
     }
 
-    private Manifest constructManifest(XMLSignatureFactory signatureFactory, Document document) throws NoSuchAlgorithmException,
+    private Manifest constructManifest(XMLSignatureFactory signatureFactory) throws NoSuchAlgorithmException,
                                     InvalidAlgorithmParameterException {
         List<Reference> manifestReferences = new LinkedList<Reference>();
 
         try {
-            addRelationshipsReferences(signatureFactory, document, manifestReferences);
+            addRelationshipsReferences(signatureFactory, manifestReferences);
         } catch (Exception e) {
             throw new RuntimeException("error: " + e.getMessage(), e);
         }
@@ -145,7 +137,7 @@ public class OOXMLSignatureAspect implements SignatureAspect {
         return manifest;
     }
 
-    private void addSignatureTime(XMLSignatureFactory signatureFactory, Document document, String signatureId, List<XMLStructure> objectContent) {
+    private static void addSignatureTime(XMLSignatureFactory signatureFactory, Document document, String signatureId, List<XMLStructure> objectContent) {
         /*
          * SignatureTime
          */
@@ -155,9 +147,7 @@ public class OOXMLSignatureAspect implements SignatureAspect {
         formatElement.setTextContent("YYYY-MM-DDThh:mm:ssTZD");
         signatureTimeElement.appendChild(formatElement);
         Element valueElement = document.createElementNS("http://schemas.openxmlformats.org/package/2006/digital-signature", "mdssi:Value");
-        DateTime dateTime = new DateTime(DateTimeZone.UTC);
-        DateTimeFormatter fmt = ISODateTimeFormat.dateTimeNoMillis();
-        String now = fmt.print(dateTime);
+        String now = formatTimestampAsISO8601(System.currentTimeMillis());
         LOG.debug("now: " + now);
         valueElement.setTextContent(now);
         signatureTimeElement.appendChild(valueElement);
@@ -172,6 +162,34 @@ public class OOXMLSignatureAspect implements SignatureAspect {
         objectContent.add(signatureProperties);
     }
 
+    /**
+     * @return text formatted "YYYY-MM-DDThh:mm:ssTZD"
+     */
+    static String formatTimestampAsISO8601(long ts) {
+        Calendar c = Calendar.getInstance();
+        c.setTimeInMillis(ts);
+        c.setTimeZone(TimeZone.getTimeZone("UTC"));
+        char[] buf = "yyyy-mm-ddThh:mm:ssZ".toCharArray();
+        itoa(buf, 0, 4, c.get(Calendar.YEAR));
+        itoa(buf, 5, 2, c.get(Calendar.MONTH)+1);
+        itoa(buf, 8, 2, c.get(Calendar.DAY_OF_MONTH));
+        itoa(buf, 11, 2, c.get(Calendar.HOUR_OF_DAY));
+        itoa(buf, 14, 2, c.get(Calendar.MINUTE));
+        itoa(buf, 17, 2, c.get(Calendar.SECOND));
+        return new String(buf);
+    }
+
+    private static void itoa(char[] buf, int start, int len, int value) {
+        int acc = value;
+        int i=start+len-1;
+        while (i>=start) {
+            int d = acc % 10;
+            acc /= 10;
+            buf[i] = (char) ('0' + d);
+            i--;
+        }
+    }
+
     private void addSignatureInfo(XMLSignatureFactory signatureFactory, Document document, String signatureId, List<Reference> references,
                                     List<XMLObject> objects) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
         List<XMLStructure> objectContent = new LinkedList<XMLStructure>();
@@ -200,10 +218,10 @@ public class OOXMLSignatureAspect implements SignatureAspect {
         references.add(reference);
     }
 
-    private void addRelationshipsReferences(XMLSignatureFactory signatureFactory, Document document, List<Reference> manifestReferences) throws IOException,
-                                    ParserConfigurationException, SAXException, TransformerException, NoSuchAlgorithmException,
+    private void addRelationshipsReferences(XMLSignatureFactory signatureFactory, List<Reference> manifestReferences) throws IOException,
+                                    ParserConfigurationException, SAXException, NoSuchAlgorithmException,
                                     InvalidAlgorithmParameterException {
-        URL ooxmlUrl = this.signatureService.getOfficeOpenXMLDocumentURL();
+        URL ooxmlUrl = _signatureService.getOfficeOpenXMLDocumentURL();
         InputStream inputStream = ooxmlUrl.openStream();
         ZipInputStream zipInputStream = new ZipInputStream(inputStream);
         ZipEntry zipEntry;
@@ -212,11 +230,11 @@ public class OOXMLSignatureAspect implements SignatureAspect {
                 continue;
             }
             Document relsDocument = loadDocumentNoClose(zipInputStream);
-            addRelationshipsReference(signatureFactory, document, zipEntry.getName(), relsDocument, manifestReferences);
+            addRelationshipsReference(signatureFactory, zipEntry.getName(), relsDocument, manifestReferences);
         }
     }
 
-    private void addRelationshipsReference(XMLSignatureFactory signatureFactory, Document document, String zipEntryName, Document relsDocument,
+    private void addRelationshipsReference(XMLSignatureFactory signatureFactory, String zipEntryName, Document relsDocument,
                                     List<Reference> manifestReferences) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
         LOG.debug("relationships: " + zipEntryName);
         RelationshipTransformParameterSpec parameterSpec = new RelationshipTransformParameterSpec();
@@ -267,7 +285,7 @@ public class OOXMLSignatureAspect implements SignatureAspect {
                                     InvalidAlgorithmParameterException {
         List<String> documentResourceNames;
         try {
-            documentResourceNames = getResourceNames(this.signatureService.getOfficeOpenXMLDocumentURL(), contentType);
+            documentResourceNames = getResourceNames(_signatureService.getOfficeOpenXMLDocumentURL(), contentType);
         } catch (Exception e) {
             throw new RuntimeException(e);
         }
@@ -318,7 +336,7 @@ public class OOXMLSignatureAspect implements SignatureAspect {
     }
 
     protected Document findDocument(String zipEntryName) throws IOException, ParserConfigurationException, SAXException {
-        URL ooxmlUrl = this.signatureService.getOfficeOpenXMLDocumentURL();
+        URL ooxmlUrl = _signatureService.getOfficeOpenXMLDocumentURL();
         InputStream inputStream = ooxmlUrl.openStream();
         ZipInputStream zipInputStream = new ZipInputStream(inputStream);
         ZipEntry zipEntry;
diff --git a/src/ooxml/testcases/org/apache/poi/ooxml/signature/service/signer/AllOOXMLSignatureTests.java b/src/ooxml/testcases/org/apache/poi/ooxml/signature/service/signer/AllOOXMLSignatureTests.java
new file mode 100644
index 000000000..8fd20148c
--- /dev/null
+++ b/src/ooxml/testcases/org/apache/poi/ooxml/signature/service/signer/AllOOXMLSignatureTests.java
@@ -0,0 +1,36 @@
+/* ====================================================================
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+==================================================================== */
+
+package org.apache.poi.ooxml.signature.service.signer;
+
+import org.apache.poi.ooxml.signature.service.signer.ooxml.TestOOXMLSignatureAspect;
+
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+
+public final class AllOOXMLSignatureTests {
+
+	public static Test suite() {
+		TestSuite result = new TestSuite(AllOOXMLSignatureTests.class.getName());
+		result.addTestSuite(TestAbstractOOXMLSignatureService.class);
+		result.addTestSuite(TestAbstractXmlSignatureService.class);
+		result.addTestSuite(TestOOXMLSignatureAspect.class);
+		result.addTestSuite(TestOOXMLSignatureVerifier.class);
+		return result;
+	}
+}
diff --git a/src/ooxml/testcases/org/apache/poi/ooxml/signature/service/signer/PkiTestUtils.java b/src/ooxml/testcases/org/apache/poi/ooxml/signature/service/signer/PkiTestUtils.java
index a307ee090..40a8875dc 100644
--- a/src/ooxml/testcases/org/apache/poi/ooxml/signature/service/signer/PkiTestUtils.java
+++ b/src/ooxml/testcases/org/apache/poi/ooxml/signature/service/signer/PkiTestUtils.java
@@ -1,4 +1,3 @@
-
 /* ====================================================================
    Licensed to the Apache Software Foundation (ASF) under one or more
    contributor license agreements.  See the NOTICE file distributed with
@@ -40,6 +39,8 @@ import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.security.spec.RSAKeyGenParameterSpec;
+import java.util.Calendar;
+import java.util.Date;
 
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
@@ -53,6 +54,7 @@ import javax.xml.transform.TransformerFactory;
 import javax.xml.transform.dom.DOMSource;
 import javax.xml.transform.stream.StreamResult;
 
+import org.apache.poi.util.HexRead;
 import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DERIA5String;
@@ -71,18 +73,18 @@ import org.bouncycastle.asn1.x509.X509Extensions;
 import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
 import org.bouncycastle.jce.X509Principal;
 import org.bouncycastle.x509.X509V3CertificateGenerator;
-import org.joda.time.DateTime;
 import org.w3c.dom.Document;
 import org.w3c.dom.Node;
 import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
 
-public class PkiTestUtils {
+final class PkiTestUtils {
 
-    public static final byte[] SHA1_DIGEST_INFO_PREFIX = new byte[] { 0x30, 0x1f, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14 };
+    public static final byte[] SHA1_DIGEST_INFO_PREFIX =
+        HexRead.readFromString( "30 1f 30 07 06 05 2b 0e 03 02 1a 04 14");
 
     private PkiTestUtils() {
-        super();
+        // no instances of this class
     }
 
     static KeyPair generateKeyPair() throws Exception {
@@ -107,17 +109,21 @@ public class PkiTestUtils {
         return new AuthorityKeyIdentifier(info);
     }
 
-    static X509Certificate generateCertificate(PublicKey subjectPublicKey, String subjectDn, DateTime notBefore, DateTime notAfter,
+    public static X509Certificate generateCertificate(PublicKey subjectPublicKey, String subjectDn,
                                     X509Certificate issuerCertificate, PrivateKey issuerPrivateKey, boolean caFlag, int pathLength, String crlUri,
                                     String ocspUri, KeyUsage keyUsage) throws IOException, InvalidKeyException, IllegalStateException,
                                     NoSuchAlgorithmException, SignatureException, CertificateException {
+
+        Date notBefore = makeDate(2010, 1, 1);
+        Date notAfter = makeDate(2011, 1, 1);
+
         String signatureAlgorithm = "SHA1withRSA";
         X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
         certificateGenerator.reset();
         certificateGenerator.setPublicKey(subjectPublicKey);
         certificateGenerator.setSignatureAlgorithm(signatureAlgorithm);
-        certificateGenerator.setNotBefore(notBefore.toDate());
-        certificateGenerator.setNotAfter(notAfter.toDate());
+        certificateGenerator.setNotBefore(notBefore);
+        certificateGenerator.setNotAfter(notAfter);
         X509Principal issuerDN;
         if (null != issuerCertificate) {
             issuerDN = new X509Principal(issuerCertificate.getSubjectX500Principal().toString());
@@ -173,6 +179,13 @@ public class PkiTestUtils {
         return certificate;
     }
 
+    private static Date makeDate(int year, int month, int day) {
+        Calendar c = Calendar.getInstance();
+        c.set(year, month, day, 0, 0, 0);
+        c.set(Calendar.MILLISECOND, 0);
+        return c.getTime();
+    }
+
     static Document loadDocument(InputStream documentInputStream) throws ParserConfigurationException, SAXException, IOException {
         InputSource inputSource = new InputSource(documentInputStream);
         DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
diff --git a/src/ooxml/testcases/org/apache/poi/ooxml/signature/service/signer/TestAbstractOOXMLSignatureService.java b/src/ooxml/testcases/org/apache/poi/ooxml/signature/service/signer/TestAbstractOOXMLSignatureService.java
index d6cc51c65..5aa8b0b5c 100644
--- a/src/ooxml/testcases/org/apache/poi/ooxml/signature/service/signer/TestAbstractOOXMLSignatureService.java
+++ b/src/ooxml/testcases/org/apache/poi/ooxml/signature/service/signer/TestAbstractOOXMLSignatureService.java
@@ -1,4 +1,3 @@
-
 /* ====================================================================
    Licensed to the Apache Software Foundation (ASF) under one or more
    contributor license agreements.  See the NOTICE file distributed with
@@ -42,13 +41,11 @@ import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang.ArrayUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.apache.poi.ooxml.signature.service.signer.TemporaryDataStorage;
 import org.apache.poi.ooxml.signature.service.signer.ooxml.AbstractOOXMLSignatureService;
 import org.apache.poi.ooxml.signature.service.signer.ooxml.OOXMLProvider;
 import org.apache.poi.ooxml.signature.service.signer.ooxml.OOXMLSignatureVerifier;
 import org.apache.poi.ooxml.signature.service.spi.DigestInfo;
 import org.bouncycastle.asn1.x509.KeyUsage;
-import org.joda.time.DateTime;
 
 
 
@@ -62,35 +59,35 @@ public class TestAbstractOOXMLSignatureService extends TestCase {
 
     private static class OOXMLTestSignatureService extends AbstractOOXMLSignatureService {
 
-        private final URL ooxmlUrl;
+        private final URL _ooxmlUrl;
 
-        private final TemporaryTestDataStorage temporaryDataStorage;
+        private final TemporaryTestDataStorage _temporaryDataStorage;
 
-        private final ByteArrayOutputStream signedOOXMLOutputStream;
+        private final ByteArrayOutputStream _signedOOXMLOutputStream;
 
         public OOXMLTestSignatureService(URL ooxmlUrl) {
-            this.temporaryDataStorage = new TemporaryTestDataStorage();
-            this.signedOOXMLOutputStream = new ByteArrayOutputStream();
-            this.ooxmlUrl = ooxmlUrl;
+            _temporaryDataStorage = new TemporaryTestDataStorage();
+            _signedOOXMLOutputStream = new ByteArrayOutputStream();
+            _ooxmlUrl = ooxmlUrl;
         }
 
         @Override
         protected URL getOfficeOpenXMLDocumentURL() {
-            return this.ooxmlUrl;
+            return _ooxmlUrl;
         }
 
         @Override
         protected OutputStream getSignedOfficeOpenXMLDocumentOutputStream() {
-            return this.signedOOXMLOutputStream;
+            return _signedOOXMLOutputStream;
         }
 
         public byte[] getSignedOfficeOpenXMLDocumentData() {
-            return this.signedOOXMLOutputStream.toByteArray();
+            return _signedOOXMLOutputStream.toByteArray();
         }
 
         @Override
         protected TemporaryDataStorage getTemporaryDataStorage() {
-            return this.temporaryDataStorage;
+            return _temporaryDataStorage;
         }
     }
 
@@ -189,9 +186,7 @@ public class TestAbstractOOXMLSignatureService extends TestCase {
         byte[] digestInfoValue = ArrayUtils.addAll(PkiTestUtils.SHA1_DIGEST_INFO_PREFIX, digestInfo.digestValue);
         byte[] signatureValue = cipher.doFinal(digestInfoValue);
 
-        DateTime notBefore = new DateTime();
-        DateTime notAfter = notBefore.plusYears(1);
-        X509Certificate certificate = PkiTestUtils.generateCertificate(keyPair.getPublic(), signerDn, notBefore, notAfter, null, keyPair.getPrivate(), true, 0,
+        X509Certificate certificate = PkiTestUtils.generateCertificate(keyPair.getPublic(), signerDn, null, keyPair.getPrivate(), true, 0,
                                         null, null, new KeyUsage(KeyUsage.nonRepudiation));
 
         // operate: postSign
diff --git a/src/ooxml/testcases/org/apache/poi/ooxml/signature/service/signer/TestAbstractXmlSignatureService.java b/src/ooxml/testcases/org/apache/poi/ooxml/signature/service/signer/TestAbstractXmlSignatureService.java
index 538c96d0b..352cc3e35 100644
--- a/src/ooxml/testcases/org/apache/poi/ooxml/signature/service/signer/TestAbstractXmlSignatureService.java
+++ b/src/ooxml/testcases/org/apache/poi/ooxml/signature/service/signer/TestAbstractXmlSignatureService.java
@@ -69,7 +69,6 @@ import org.apache.xpath.XPathAPI;
 import org.bouncycastle.asn1.x509.KeyUsage;
 import org.jcp.xml.dsig.internal.dom.DOMReference;
 import org.jcp.xml.dsig.internal.dom.DOMXMLSignature;
-import org.joda.time.DateTime;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -215,9 +214,7 @@ public final class TestAbstractXmlSignatureService extends TestCase {
         byte[] digestInfoValue = ArrayUtils.addAll(PkiTestUtils.SHA1_DIGEST_INFO_PREFIX, digestInfo.digestValue);
         byte[] signatureValue = cipher.doFinal(digestInfoValue);
 
-        DateTime notBefore = new DateTime();
-        DateTime notAfter = notBefore.plusYears(1);
-        X509Certificate certificate = PkiTestUtils.generateCertificate(keyPair.getPublic(), "CN=Test", notBefore, notAfter, null, keyPair.getPrivate(), true,
+        X509Certificate certificate = PkiTestUtils.generateCertificate(keyPair.getPublic(), "CN=Test", null, keyPair.getPrivate(), true,
                                         0, null, null, new KeyUsage(KeyUsage.nonRepudiation));
 
         /*
@@ -313,9 +310,7 @@ public final class TestAbstractXmlSignatureService extends TestCase {
         byte[] digestInfoValue = ArrayUtils.addAll(PkiTestUtils.SHA1_DIGEST_INFO_PREFIX, digestInfo.digestValue);
         byte[] signatureValue = cipher.doFinal(digestInfoValue);
 
-        DateTime notBefore = new DateTime();
-        DateTime notAfter = notBefore.plusYears(1);
-        X509Certificate certificate = PkiTestUtils.generateCertificate(keyPair.getPublic(), "CN=Test", notBefore, notAfter, null, keyPair.getPrivate(), true,
+        X509Certificate certificate = PkiTestUtils.generateCertificate(keyPair.getPublic(), "CN=Test", null, keyPair.getPrivate(), true,
                                         0, null, null, new KeyUsage(KeyUsage.nonRepudiation));
 
         /*
@@ -395,9 +390,7 @@ public final class TestAbstractXmlSignatureService extends TestCase {
         byte[] digestInfoValue = ArrayUtils.addAll(PkiTestUtils.SHA1_DIGEST_INFO_PREFIX, digestInfo.digestValue);
         byte[] signatureValue = cipher.doFinal(digestInfoValue);
 
-        DateTime notBefore = new DateTime();
-        DateTime notAfter = notBefore.plusYears(1);
-        X509Certificate certificate = PkiTestUtils.generateCertificate(keyPair.getPublic(), "CN=Test", notBefore, notAfter, null, keyPair.getPrivate(), true,
+        X509Certificate certificate = PkiTestUtils.generateCertificate(keyPair.getPublic(), "CN=Test", null, keyPair.getPrivate(), true,
                                         0, null, null, new KeyUsage(KeyUsage.nonRepudiation));
 
         /*
@@ -475,9 +468,7 @@ public final class TestAbstractXmlSignatureService extends TestCase {
         byte[] digestInfoValue = ArrayUtils.addAll(PkiTestUtils.SHA1_DIGEST_INFO_PREFIX, digestInfo.digestValue);
         byte[] signatureValue = cipher.doFinal(digestInfoValue);
 
-        DateTime notBefore = new DateTime();
-        DateTime notAfter = notBefore.plusYears(1);
-        X509Certificate certificate = PkiTestUtils.generateCertificate(keyPair.getPublic(), "CN=Test", notBefore, notAfter, null, keyPair.getPrivate(), true,
+        X509Certificate certificate = PkiTestUtils.generateCertificate(keyPair.getPublic(), "CN=Test", null, keyPair.getPrivate(), true,
                                         0, null, null, new KeyUsage(KeyUsage.nonRepudiation));
 
         /*
diff --git a/src/ooxml/testcases/org/apache/poi/ooxml/signature/service/signer/ooxml/TestOOXMLSignatureAspect.java b/src/ooxml/testcases/org/apache/poi/ooxml/signature/service/signer/ooxml/TestOOXMLSignatureAspect.java
new file mode 100644
index 000000000..aeee8f0d9
--- /dev/null
+++ b/src/ooxml/testcases/org/apache/poi/ooxml/signature/service/signer/ooxml/TestOOXMLSignatureAspect.java
@@ -0,0 +1,40 @@
+/* ====================================================================
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+==================================================================== */
+
+package org.apache.poi.ooxml.signature.service.signer.ooxml;
+
+import java.util.Calendar;
+import java.util.TimeZone;
+
+import junit.framework.TestCase;
+
+public final class TestOOXMLSignatureAspect extends TestCase {
+
+	private static final TimeZone TIME_ZONE_UTC = TimeZone.getTimeZone("UTC");
+
+	public void testFormatTimestampAsISO8601() {
+		assertEquals("2010-06-05T04:03:02Z", OOXMLSignatureAspect.formatTimestampAsISO8601(makeTimestamp(2010, 6, 5, 4, 3, 2)));
+	}
+
+	private static long makeTimestamp(int year, int month, int day, int hour, int minute, int second) {
+		Calendar c = Calendar.getInstance();
+		c.setTimeZone(TIME_ZONE_UTC);
+		c.set(year, month-1, day, hour, minute, second);
+		c.set(Calendar.MILLISECOND, 0);
+		return c.getTimeInMillis();
+	}
+}