Comment by nimish
Xml canonicalization is insane but necessary. Far more complex than the signature process itself
Then the incredibly stupid need to modify the signed document to insert the signature online so verifying it requires a full blown parser among other things