Question

I'm kind of new to XMLDSig. My XML needs to be signed. In the project I'm in, I need to validate the XML against an XSD before signing and after signing.

I don't know too much about XSD, but I think there is an import of another XSD here, and that's where my troubles begin. My XSD file is masive.xsd and this is how it looks at the start.

    <?xml version="1.0" encoding="UTF-8"?>
    <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
               xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
               elementFormDefault="qualified">
        <xs:import namespace="http://www.w3.org/2000/09/xmldsig#"
                   schemaLocation="xmldsig-core-schema.xsd"/>

In my C# code I use some code I found on the Internet, which works, because when I try to validate an XML against the XSD it shows the errors found. But when I try to validate a signed XML, that is where my troubles begin.

If I use the class as it is, without any changes, when I add the schema with the function pathSchema:

    SchemaSet.Add(null, pathSchema);  // pathSchema is the path where my xsd file is.

I get this error:

The 'http://www.w3.org/2000/09/xmldsig#:Signature' element is not declared.

If I'm right, this is because the signed XML has some tags like these:

    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="xmldsig-aae8151c-b8db-4525-bfb1-0b3cebdd1dbf">
    <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI="#xmldsig-aae8151c-b8db-4525-bfb1-0b3cebdd1dbf-keyinfo">
    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    <ds:DigestValue>p4U9Np1nKtjWPPwp2mOcIimRjUy+RuQIPr2hVdY5R2E=</ds:DigestValue>
    </ds:Reference>

I've read some posts before, and in one of those I read that someone added the XSD manually, I think. So I downloaded the XSD, put it in a local path, and then added this to my code:

    XElement xsdMarkup2 = XElement.Load(@"C:\XMLXSD\xmldsig-core-schema.xsd");
    settings.Schemas.Add(null, xsdMarkup2.CreateReader());

And the error "Signature element is not declared" doesn't show up. However, the validator does not validate the signed XML anymore, because I've deleted some tags and the class said: No error. But there was.


Solution

Ok, I finally managed to solve it.

I used this solution, which is a mix of various solutions. I downloaded the xmldsig-core-schema.xsd and edited it, because it has some lines with comments, and when I tried to validate the XML it threw an exception saying that the first line in an XSD schema must be something like

    <schema xmlns="http://www.w3.org/2001/XMLSchema"

Well, this is the part of the code in C#:

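    using System.Xml;
    using System.Xml.Schema;

    XmlSchemaSet ss = new XmlSchemaSet();
    ss.Add(null, @"C:\Masive.xsd");

    // DtdProcessing.Parse lets the reader accept a DOCTYPE in the schema file
    // (the default, Prohibit, throws on one). Use it only for this trusted local
    // schema file, not for the XML document being validated.
    XmlReaderSettings settings2 = new XmlReaderSettings();
    settings2.DtdProcessing = DtdProcessing.Parse;

    XmlReader reader = XmlReader.Create(@"C:\xmldsig-core-schema.xsd", settings2);

    // Add the xmldsig schema to the same set, then compile both schemas together.
    ss.Add(null, reader);
    ss.Compile();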

I'm sure this is not the best way to do it (I guess) but it worked for me.
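An added example, not part of the original answer or the asker's project: one way to check that a schema set holding both the main schema and the ds-namespace schema still rejects a broken signed document instead of reporting "no error". The two inline schemas, the `Invoice`/`Total` names and the `urn:example:other` namespace are constructed stand-ins (the ds schema is a one-element placeholder, not the W3C file); `ReportValidationWarnings` is switched on because a root element in a namespace that no loaded schema covers is reported only as a warning.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Xml;
using System.Xml.Schema;

static class SignedXmlXsdCheck
{
    const string DsNs = "http://www.w3.org/2000/09/xmldsig#";
    // Constructed stand-in schemas (assumptions): a small main schema that imports the
    // ds namespace, and a one-element placeholder for the real xmldsig-core-schema.xsd.
    const string MainXsd = @"<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'
      xmlns:ds='" + DsNs + @"' elementFormDefault='qualified'>
      <xs:import namespace='" + DsNs + @"'/>
      <xs:element name='Invoice'><xs:complexType><xs:sequence>
        <xs:element name='Total' type='xs:decimal'/>
        <xs:element ref='ds:Signature' minOccurs='0'/>
      </xs:sequence></xs:complexType></xs:element></xs:schema>";
    const string DsXsd = @"<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'
      targetNamespace='" + DsNs + @"' elementFormDefault='qualified'>
      <xs:element name='Signature'><xs:complexType><xs:sequence>
        <xs:any processContents='lax' minOccurs='0' maxOccurs='unbounded'/>
      </xs:sequence><xs:attribute name='Id' type='xs:ID'/>
      </xs:complexType></xs:element></xs:schema>";

    static List<string> Validate(string xml)
    {
        var schemas = new XmlSchemaSet();
        schemas.Add(null, XmlReader.Create(new StringReader(DsXsd)));
        schemas.Add(null, XmlReader.Create(new StringReader(MainXsd)));
        schemas.Compile();
        var problems = new List<string>();
        // Default XmlReaderSettings keep DtdProcessing.Prohibit for the document under test.
        var settings = new XmlReaderSettings { ValidationType = ValidationType.Schema, Schemas = schemas };
        // Surface warnings too, so content outside every loaded schema is not silently accepted.
        settings.ValidationFlags |= XmlSchemaValidationFlags.ReportValidationWarnings;
        settings.ValidationEventHandler += (s, e) => problems.Add(e.Severity + ": " + e.Message);
        using (var reader = XmlReader.Create(new StringReader(xml), settings))
            while (reader.Read()) { }
        return problems;
    }
    static void Main()
    {
        string sig = "<ds:Signature xmlns:ds='" + DsNs + "' Id='sig1'/>";
        var cases = new[] { "<Invoice><Total>10.5</Total>" + sig + "</Invoice>",  // valid signed document
                            "<Invoice>" + sig + "</Invoice>",                     // required Total deleted
                            "<o:Order xmlns:o='urn:example:other'/>" };           // root no schema covers
        foreach (var xml in cases)
            Console.WriteLine(Validate(xml).Count + " problem(s): " + string.Join(" | ", Validate(xml)));
    }
}
```

Schema validation of this kind checks structure only; the signature value itself still has to be verified separately.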

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow