[FAB-3307] Adding Identity Validation

This change-set does the following:
1. It ensures that the MSP's SatisfiesPrincipal
function checks validity of the principal identity
under the MSP of the principal.

Change-Id: I99e42be49a53a06e7743ee48221b3e915bd95c30
Signed-off-by: Angelo De Caro <[email protected]>

Author: adecaro

msp/mspimpl.go

@@ -629,7 +629,7 @@ func (msp *bccspmsp) SatisfiesPrincipal(id Identity, principal *m.MSPPrincipal)
 		}
 
 		if bytes.Equal(id.(*identity).cert.Raw, principalId.(*identity).cert.Raw) {
-			return nil
+			return principalId.Validate()
 		}
 
 		return errors.New("The identities do not match")

msp/revocation_test.go

@@ -19,10 +19,11 @@ package msp
 import (
 	"testing"
 
+	"github.com/hyperledger/fabric/protos/msp"
 	"github.com/stretchr/testify/assert"
 )
 
-func TestRevocation(t *testing.T) {
+func getRevocationMSP(t *testing.T) MSP {
 	// testdata/revocation
 	// 1) a key and a signcert (used to populate the default signing identity);
 	// 2) cacert is the CA that signed the intermediate;
@@ -36,10 +37,33 @@ func TestRevocation(t *testing.T) {
 	err = thisMSP.Setup(conf)
 	assert.NoError(t, err)
 
+	return thisMSP
+}
+
+func TestRevocation(t *testing.T) {
+	thisMSP := getRevocationMSP(t)
+
 	id, err := thisMSP.GetDefaultSigningIdentity()
 	assert.NoError(t, err)
 
 	// the certificate associated to this id is revoked and so validation should fail!
 	err = id.Validate()
 	assert.Error(t, err)
 }
+
+func TestIdentityPolicyPrincipalAgainstRevokedIdentity(t *testing.T) {
+	thisMSP := getRevocationMSP(t)
+
+	id, err := thisMSP.GetDefaultSigningIdentity()
+	assert.NoError(t, err)
+
+	idSerialized, err := id.Serialize()
+	assert.NoError(t, err)
+
+	principal := &msp.MSPPrincipal{
+		PrincipalClassification: msp.MSPPrincipal_IDENTITY,
+		Principal:               idSerialized}
+
+	err = id.SatisfiesPrincipal(principal)
+	assert.Error(t, err)
+}