如何在C#中计算XAdES SignatureTimestamp

我们有一个正在创建 XAdES 签名的应用程序。 EU DSS 验证器已正确验证签名。不幸的是，当尝试添加时间戳时，验证器表明印记摘要不正确。

我们使用以下代码来计算摘要：

XmlDocument d = new XmlDocument();
d.PreserveWhitespace=true;

// Left out code to load actual XML data

// Make sure we can find the signature in the right namespace 
XmlNamespaceManager nsm = new XmlNamespaceManager(d.NameTable);
nsm.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);

// Find the SignatureValue node (we only have one, but selection could be done cleaner)
XmlNodeList n = d.SelectNodes("//ds:SignatureValue", nsm); 

// ETSI prescribes the use of C14N
XmlDsigExcC14NTransform t = new XmlDsigExcC14NTransform();
t.LoadInput(n);
// We use SHA256 hashing on the canonicalized data
byte[] digest = t.GetDigestedOutput(SHA256.Create());

// The value of the digest variable is being timestamped using BouncyCastle.netcore library
TimeStampRequest request = requestGenerator.Generate(a, digest, BigInteger.ValueOf(100));
using HttpClient client = _hcf.CreateClient();
ByteArrayContent content = new ByteArrayContent(request.GetEncoded());
HttpResponseMessage msg = await client.PostAsync(_config["AppSettings:TimeStampServer"], content);
TimeStampResponse response = new TimeStampResponse(await msg.Content.ReadAsByteArrayAsync());

byte[] dataToEmbed = response.TimeStampToken.GetEncoded();
string algorithmUrlToEmbed = t.Algorithm;
 
// the content of dataToEmbed is embedded into the XML           
// together with the url of the canonicalization (algorithmUrlToEmbed)

我们做错了什么，欧盟 DSS 验证器指出时间戳令牌的印记摘要是错误的。我们检查了生成的 XML，压印摘要等于我们计算的摘要，所以我们可能错误地计算了摘要。