public static bool ValidateCertificate(byte[] issuingCertificate, byte[] certificateToValidate)
{
RSAParameters rsaParameters = GetRSAParameters(issuingCertificate);
byte[] certificateSignature = ByteReader.ReadBytes(certificateToValidate, certificateToValidate.Length - 256, 256);
byte[] decodedSignature = RSAHelper.DecryptSignature(certificateSignature, rsaParameters);
byte[] tbsCertificate = CertificateHelper.ExtractTbsCertificate(certificateToValidate);
if (StartsWith(decodedSignature, SHA_256_PKCS_ID))
{
byte[] expectedHash = ByteReader.ReadBytes(decodedSignature, SHA_256_PKCS_ID.Length, 32);
SHA256Managed sha256 = new SHA256Managed();
byte[] hash = sha256.ComputeHash(tbsCertificate);
return(ByteUtils.AreByteArraysEqual(hash, expectedHash));
}
else if (StartsWith(decodedSignature, SHA_160_PKCS_ID))
{
byte[] expectedHash = ByteReader.ReadBytes(decodedSignature, SHA_160_PKCS_ID.Length, 20);
SHA1Managed sha1 = new SHA1Managed();
byte[] hash = sha1.ComputeHash(tbsCertificate);
return(ByteUtils.AreByteArraysEqual(hash, expectedHash));
}
else
{
throw new NotImplementedException("Unsupported Signature PKCS ID");
}
}
