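/// <summary>
/// Checks the signature on <paramref name="certificateToValidate"/> against the RSA key obtained
/// from <paramref name="issuingCertificate"/>: the trailing 256 bytes of the certificate are decoded
/// with <c>RSAHelper.DecryptSignature</c>, and the hash carried in the result is compared with a
/// freshly computed SHA-256 or SHA-1 hash of the TBS (to-be-signed) portion.
/// </summary>
/// <param name="issuingCertificate">Encoded certificate of the issuer; only its RSA parameters are used.</param>
/// <param name="certificateToValidate">Encoded certificate whose signature is being checked.</param>
/// <returns><c>true</c> when the computed hash equals the hash found in the decoded signature; otherwise <c>false</c>.</returns>
/// <exception cref="NotImplementedException">
/// The decoded signature starts with neither <c>SHA_256_PKCS_ID</c> nor <c>SHA_160_PKCS_ID</c>.
/// </exception>
/// <remarks>
/// This method checks the signature only. Nothing visible here checks validity dates, issuer/subject
/// name chaining, CA constraints or revocation, so a <c>true</c> result must not be treated as
/// "certificate trusted" on its own.
/// </remarks>
public static bool ValidateCertificate(byte[] issuingCertificate, byte[] certificateToValidate)
{
    // The signature is taken as the last 256 bytes of the encoding rather than parsed out of the
    // certificate structure. 256 bytes is the size of a 2048-bit RSA signature.
    // NOTE(review): the issuer's modulus size is not compared with this constant here - confirm that
    // other key sizes are rejected (or handled) before this point.
    const int signatureLength = 256;
    const int sha256HashLength = 32;
    const int sha1HashLength = 20;

    RSAParameters rsaParameters = GetRSAParameters(issuingCertificate);
    byte[] certificateSignature = ByteReader.ReadBytes(certificateToValidate, certificateToValidate.Length - signatureLength, signatureLength);
    byte[] decodedSignature = RSAHelper.DecryptSignature(certificateSignature, rsaParameters);
    byte[] tbsCertificate = CertificateHelper.ExtractTbsCertificate(certificateToValidate);

    // NOTE(review): only the algorithm-ID prefix and the hash bytes that follow it are inspected.
    // Bytes after the hash in decodedSignature are not examined here, and whether the PKCS#1 v1.5
    // padding was strictly verified depends on RSAHelper.DecryptSignature, which is not visible.
    // A verifier should require that the decoded block is exactly padding + ID + hash with nothing
    // trailing; confirm the helper enforces that, or add a length check here once its return format
    // is known.
    if (StartsWith(decodedSignature, SHA_256_PKCS_ID))
    {
        byte[] expectedHash = ByteReader.ReadBytes(decodedSignature, SHA_256_PKCS_ID.Length, sha256HashLength);

        // Dispose the hash object deterministically instead of leaving it to the finalizer.
        using (SHA256Managed sha256 = new SHA256Managed())
        {
            byte[] hash = sha256.ComputeHash(tbsCertificate);
            return ByteUtils.AreByteArraysEqual(hash, expectedHash);
        }
    }

    if (StartsWith(decodedSignature, SHA_160_PKCS_ID))
    {
        // NOTE(review): SHA-1 is no longer considered collision resistant for certificate
        // signatures. It is still accepted here; consider rejecting it or gating it behind an
        // explicit opt-in if the peers involved allow that.
        byte[] expectedHash = ByteReader.ReadBytes(decodedSignature, SHA_160_PKCS_ID.Length, sha1HashLength);

        using (SHA1Managed sha1 = new SHA1Managed())
        {
            byte[] hash = sha1.ComputeHash(tbsCertificate);
            return ByteUtils.AreByteArraysEqual(hash, expectedHash);
        }
    }

    // Exception type and message kept as-is so existing callers that catch it keep working.
    throw new NotImplementedException("Unsupported Signature PKCS ID");
}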