/**
  * Constructs a holder for v2 attribute certificates with a hash value for some type of object.
  *
  * <p><code>digestedObjectType</code> can be one of the following:
  *
  * <ul>
  *   <li>0 - publicKey - A hash of the public key of the holder must be passed.
  *   <li>1 - publicKeyCert - A hash of the public key certificate of the holder must be passed.
  *   <li>2 - otherObjectDigest - A hash of some other object type must be passed. <code>
  *       otherObjectTypeID</code> must not be empty.
  * </ul>
  *
  * <p>This cannot be used if a v1 attribute certificate is used.
  *
  * @param digestedObjectType The digest object type.
  * @param digestAlgorithm The algorithm identifier for the hash.
  * @param otherObjectTypeID The object type ID if <code>digestedObjectType</code> is <code>
  *     otherObjectDigest</code>.
  * @param objectDigest The hash value.
  */
 public AttributeCertificateHolder(
     int digestedObjectType,
     String digestAlgorithm,
     String otherObjectTypeID,
     byte[] objectDigest) {
   holder =
       new Holder(
           new ObjectDigestInfo(
               digestedObjectType,
               otherObjectTypeID,
               new AlgorithmIdentifier(digestAlgorithm),
               Arrays.clone(objectDigest)));
 }
  public boolean match(Certificate cert) {
    if (!(cert instanceof X509Certificate)) {
      return false;
    }

    X509Certificate x509Cert = (X509Certificate) cert;

    try {
      if (holder.getBaseCertificateID() != null) {
        return holder
                .getBaseCertificateID()
                .getSerial()
                .getValue()
                .equals(x509Cert.getSerialNumber())
            && matchesDN(
                PrincipalUtil.getIssuerX509Principal(x509Cert),
                holder.getBaseCertificateID().getIssuer());
      }

      if (holder.getEntityName() != null) {
        if (matchesDN(PrincipalUtil.getSubjectX509Principal(x509Cert), holder.getEntityName())) {
          return true;
        }
      }
      if (holder.getObjectDigestInfo() != null) {
        MessageDigest md = null;
        try {
          md = MessageDigest.getInstance(getDigestAlgorithm(), "DFBC");

        } catch (Exception e) {
          return false;
        }
        switch (getDigestedObjectType()) {
          case ObjectDigestInfo.publicKey:
            // TODO: DSA Dss-parms
            md.update(cert.getPublicKey().getEncoded());
            break;
          case ObjectDigestInfo.publicKeyCert:
            md.update(cert.getEncoded());
            break;
        }
        if (!Arrays.areEqual(md.digest(), getObjectDigest())) {
          return false;
        }
      }
    } catch (CertificateEncodingException e) {
      return false;
    }

    return false;
  }