public interface CapiIdentityFilter extends IdentityFilter
CapiIdentities to determine if a
certificate belongs to the same identity as another existing identity.
For example, the default CapiIdentityFilter uses the CapiContainerName to determine if
certificates belong to the same identity. Entrust uses a common CapiContainerName format
across its products so that identities written with one product can be identified by another product.
However, if the certificates that were part of an Entrust identity, or 3rd part identity are written
to CAPI using an unknown format to the ContainerName, the toolkit will by default use the criteria
specified in the default CapiIdentityFilter implemented in the
CapiIdentities.matchIdentity(Identity, CertificateAndKeyInfo) method. There are some scenarios
such as a DN change that may have occurred during the lifetime of the identity that may not work, so
in those situations, a custom CapiIdentityFilter could be used to find the required identity based
on the appropriate criteria.
matchIdentity