private bool IsExpectedIssuer(X509Chain chain) { if (_expectedIssuer == CertificateIssuer.None) { return(true); } if (IssuerThumbprints == null) { throw new SecurityTokenValidationException("Validation failed. No intermediate CA certificate thumbprint(s) defined to check against."); } var issuer = chain.Issuer(); return(IssuerThumbprints.Contains(issuer.Certificate.Thumbprint, thumbprintComparer)); }