Update RSASSA-PSS AlgorithmDescriptors when Santuario updates their methodology
Activity

Brent Putman, October 23, 2023 at 5:35 PM (edited)
They released 3.0.3 on Thurs 2023-10-19, so pushed these changes and all seems working ok.

Brent Putman, October 12, 2023 at 3:34 AM
I made all code and test updates on a local branch and then tested against a local build of Santuario 3.0.3-SNAPSHOT and without BC configured in. Everything seems to work as expected. This includes a signing unit test which now exercises signing and validation with all 9 PSS algorithms. Yay.
As of now they are supposedly releasing 3.0.3 on or about Friday 2023-10-13, so once that’s out, will bump the xmlsec version in the parent and push my local branch changes.
(FYI, I did have trouble getting this to work in Eclipse because their project POM specifies Java 1.8 as the baseline for compiler target, etc - but this new code actually has a compile reference to the field PSSParameterSpec.TRAILER_FIELD_BC, which was only added in Java 11. So Eclipse builds of xmlsec had errors about the unknown symbol and OpenSAML tests failed at runtime with that. I tried to fiddle with their POM and/or my .classpath to make it work in a JDK 17 environment, but I couldn't get all the details right. So gave up and just relied on Maven-based test runs. The yak is very thoroughly shaved.)
Details
Assignee: Brent Putman
Reporter: Brent Putman

At some point Santuario will supposedly update their algorithm mappings to use JCA algorithm name of “RSASSA-PSS” rather than the broken ones previously documented in the JDK docs. When we update to that Santuario version, we must do the same, e.g. on SignatureRSASSA_PSS_SHA256_MGF1 and friends.