iText: creating a signed PDF using an external signing web service

I am trying to implement signing of a PDF in iText with an external signing web service. I used the client-server signing example provided by iText (https://raw.githubusercontent.com/itext/i5ns-tutorial/master/signatures/chapter4/C4_07_ClientServerSigning/C4_07_ClientServerSigning.cs) as a blueprint.

public class ServerSignature : IExternalSignature
{
    public String GetHashAlgorithm()
    {
        return DigestAlgorithms.SHA256;
    }

    public String GetEncryptionAlgorithm()
    {
        return "ECDSA";
        //return "1.2.840.10045.4.3.2";
    }

    public byte[] Sign(byte[] message)
    {
        string base64encodedMessage = Convert.ToBase64String(message);

        // upload to WebService and return response

        return Convert.FromBase64String(signatureValueFromWebServiceResponse);
    }
}

In the method public byte[] Sign(byte[] message), I upload the received message to the web service using the following request:

<?xml version='1.0' encoding='UTF-8'?>
<CreateXMLSignatureRequest xmlns='http://www.buergerkarte.at/namespaces/securitylayer/1.2#'>
    <KeyboxIdentifier>SecureSignatureKeypair</KeyboxIdentifier>
    <DataObjectInfo Structure='detached'>
        <DataObject>
            <Base64Content>_BASE_64_ENCODED_MESSAGE_GOES_HERE_</Base64Content>
        </DataObject>
        <TransformsInfo>
            <FinalDataMetaInfo>
                <MimeType>application/octet-stream</MimeType>
            </FinalDataMetaInfo>
        </TransformsInfo>
    </DataObjectInfo>   
</CreateXMLSignatureRequest>

From the response I receive, I return the base64-decoded value of dsig:SignatureValue. However, the signature in the resulting PDF is invalid.

<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
<sl:CreateXMLSignatureResponse xmlns:sl="http://www.buergerkarte.at/namespaces/securitylayer/1.2#">
    <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="signature-1-1">
        <dsig:SignedInfo>
            <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
            <dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
            <dsig:Reference Id="reference-1-1" URI="#signed-data-1-1">
                <dsig:Transforms>
                    <dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
                        <xpf:XPath xmlns:xpf="http://www.w3.org/2002/06/xmldsig-filter2" Filter="intersect">id('signed-data-1-1')/node()</xpf:XPath>
                    </dsig:Transform>
                    <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64"/>
                </dsig:Transforms>
                <dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <dsig:DigestValue>7jsgSqDrGHnQkoM4DbxMl8zrw2uOPDCKssM40dbsnG4=</dsig:DigestValue>
            </dsig:Reference>
            <dsig:Reference Id="etsi-data-reference-1-1" Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="">
                <dsig:Transforms>
                    <dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
                        <xpf:XPath xmlns:xpf="http://www.w3.org/2002/06/xmldsig-filter2" Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#">//*[@Id='etsi-signed-1-1']/etsi:QualifyingProperties/etsi:SignedProperties</xpf:XPath>
                    </dsig:Transform>
                </dsig:Transforms>
                <dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <dsig:DigestValue>AJjWF42gp3Tqlm1e48cFpEag6qimlxxNLJCN3ifdILo=</dsig:DigestValue>
            </dsig:Reference>
        </dsig:SignedInfo>
        <dsig:SignatureValue>OOf0hDYe3iviLhhI+ILVzDBMdFe81dyQ9wvGlJoPqK8x8EJ307snhf6Ek+tG769BB5dwc4cfdA+FdImq32zCrw==</dsig:SignatureValue>
        <dsig:KeyInfo>
            <dsig:X509Data>
                <dsig:X509Certificate>MIIFm[...]RLIq62uftJSg==</dsig:X509Certificate>
            </dsig:X509Data>
        </dsig:KeyInfo>
        <dsig:Object Id="signed-data-1-1">MYGRMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwLwYJKoZIhvcNAQkEMSIEIKIfaQzzGO9vOx1dur+Rj8cLeE2YGq/0a3yiOSrhOPIyMEQGCyqGSIb3DQEJEAIvMTUwMzAxMC8wCwYJYIZIAWUDBAIBBCAr+qi8RnPA0LmY6f0eQiHiJSypOC4h8FIOOPMMN9TFsA==</dsig:Object>
        <dsig:Object Id="etsi-signed-1-1">
            <etsi:QualifyingProperties xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" Target="#signature-1-1">
                <etsi:SignedProperties>
                    <etsi:SignedSignatureProperties>
                        <etsi:SigningTime>2019-11-10T23:00:45Z</etsi:SigningTime>
                        <etsi:SigningCertificate>
                            <etsi:Cert>
                                <etsi:CertDigest>
                                    <etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                                    <etsi:DigestValue>2wlg8N3c1NxfsP3JJs9V/VJevH8=</etsi:DigestValue>
                                </etsi:CertDigest>
                                <etsi:IssuerSerial>
                                    <dsig:X509IssuerName>CN=a-sign-premium-mobile-05,OU=a-sign-premium-mobile-05,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName>
                                    <dsig:X509SerialNumber>548505616</dsig:X509SerialNumber>
                                </etsi:IssuerSerial>
                            </etsi:Cert>
                        </etsi:SigningCertificate>
                        <etsi:SignaturePolicyIdentifier>
                            <etsi:SignaturePolicyImplied/>
                        </etsi:SignaturePolicyIdentifier>
                    </etsi:SignedSignatureProperties>
                    <etsi:SignedDataObjectProperties>
                        <etsi:DataObjectFormat ObjectReference="#reference-1-1">
                            <etsi:MimeType>application/octet-stream</etsi:MimeType>
                        </etsi:DataObjectFormat>
                    </etsi:SignedDataObjectProperties>
                </etsi:SignedProperties>
            </etsi:QualifyingProperties>
        </dsig:Object>
    </dsig:Signature>
</sl:CreateXMLSignatureResponse>

Does anyone know how I need to modify my code to produce a validly signed PDF?

aheiheiliu answered: iText: creating a signed PDF using an external signing web service

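If I see this correctly (I'm not very comfortable with XML signatures; I prefer CMS signatures), your XML signature signs two pieces of data:

  • first, the base64-decoded content of the dsig:Object with ID signed-data-1-1, and
  • then the etsi:SignedProperties in the dsig:Object with ID etsi-signed-1-1.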

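For the use case at hand, though, you only need a signature over the first part. But I doubt that a signing service request for XML signatures (after all, you use CreateXMLSignatureRequest) will let you include no XML meta information at all.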

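I suggest you try using CreateCMSSignatureRequest to create a CMS signature container, which you can embed as a whole into the PDF using iText 7. Note that you need an IExternalSignatureContainer implementation rather than the IExternalSignature above.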

Depending on the exact kind of signature you want, you can try making the CreateCMSSignatureRequest call with PAdESCompatibility set.

You may want to have a look at Die österreichische Bürgerkarte, in particular the Schnittstellenspezifikation.
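The answer's point, checked against the response posted in the question (an added example, not part of the original answer or of iText; `inspect_response` is a hypothetical helper and the response is trimmed to the relevant elements, with the values taken from the question). An XML signature's SignatureValue is computed over dsig:SignedInfo, here with two references, rather than over the bytes iText passed to Sign(). Going one step beyond the answer, the example also shows that the value is a raw 64-byte r||s pair, not the DER-encoded ECDSA structure a CMS container carries.

```python
import base64
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"

# Response from the question, trimmed to the elements inspected below.
RESPONSE = """<sl:CreateXMLSignatureResponse
    xmlns:sl="http://www.buergerkarte.at/namespaces/securitylayer/1.2#"
    xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
 <dsig:Signature Id="signature-1-1">
  <dsig:SignedInfo>
   <dsig:Reference Id="reference-1-1" URI="#signed-data-1-1"/>
   <dsig:Reference Id="etsi-data-reference-1-1" URI=""/>
  </dsig:SignedInfo>
  <dsig:SignatureValue>OOf0hDYe3iviLhhI+ILVzDBMdFe81dyQ9wvGlJoPqK8x8EJ307snhf6Ek+tG769BB5dwc4cfdA+FdImq32zCrw==</dsig:SignatureValue>
  <dsig:Object Id="signed-data-1-1">MYGRMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwLwYJKoZIhvcNAQkEMSIEIKIfaQzzGO9vOx1dur+Rj8cLeE2YGq/0a3yiOSrhOPIyMEQGCyqGSIb3DQEJEAIvMTUwMzAxMC8wCwYJYIZIAWUDBAIBBCAr+qi8RnPA0LmY6f0eQiHiJSypOC4h8FIOOPMMN9TFsA==</dsig:Object>
 </dsig:Signature>
</sl:CreateXMLSignatureResponse>"""


def inspect_response(xml_text):
    """Summarise what the service signed versus what iText handed to Sign()."""
    sig = ET.fromstring(xml_text).find(f"{DSIG}Signature")
    # Every Reference listed here is digested into SignedInfo; the
    # SignatureValue is then computed over the canonicalised SignedInfo.
    refs = [(r.get("Id"), r.get("URI")) for r in sig.iter(f"{DSIG}Reference")]
    objects = {o.get("Id"): (o.text or "").strip()
               for o in sig.findall(f"{DSIG}Object")}
    # The bytes iText passed to Sign(): the CMS signed attributes (a DER SET).
    message = base64.b64decode(objects["signed-data-1-1"])
    value = base64.b64decode(sig.findtext(f"{DSIG}SignatureValue"))
    return {
        "references": refs,
        "message_len": len(message),
        "message_is_der_set": message[0] == 0x31,
        "signature_len": len(value),
        # A DER ECDSA signature is a SEQUENCE (0x30) with a matching length byte.
        "signature_is_der": value[0] == 0x30 and value[1] == len(value) - 2,
    }


if __name__ == "__main__":
    for key, val in inspect_response(RESPONSE).items():
        print(f"{key}: {val}")
```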
