On https://docs.oracle.com/javase/9/security/java-xml-digital-signature-api-specification1.htm and https://docs.oracle.com/javase/9/security/java-xml-digital-signature-api-overview-and-tutorial.htm.
There are multiple places that have a wrong URI for dsa-sha256. Not "http://www.w3.org/2000/09/xmldsig#dsa-sha256". Should be "http://www.w3.org/2009/xmldsig11#dsa-sha256". After the last occurence, the URI for RSA is also wrong. It should be "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256".
There are multiple places that have a wrong URI for dsa-sha256. Not "http://www.w3.org/2000/09/xmldsig#dsa-sha256". Should be "http://www.w3.org/2009/xmldsig11#dsa-sha256". After the last occurence, the URI for RSA is also wrong. It should be "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256".