Release 2.8.0

# 2.8.0 (October 30, 2019)
Custom Vehicle Data, RPC Encryption, Widgets, and more.

### What's New
* **Widgets**. Functional groups can now be flagged as a `widget` functional group on the group's details page to be automatically granted to applications requesting widget permissions. You can see if an application is requesting widget permissions during application review. More information about this feature can be found in the [Evolution Proposal](https://github.com/smartdevicelink/sdl_evolution/blob/master/proposals/0216-widget-support.md).
* **Custom Vehicle Data**. Also known as "Generic Network Signal Data", this feature allows OEMs to define custom vehicle data items to be sent to Core, include the items within functional groups with applicable RPCs (such as `GetVehicleData`), flag functional groups as proprietary, and manually grant proprietary functional groups to applications during the review process. More information about this feature can be found in the [Evolution Proposal](https://github.com/smartdevicelink/sdl_evolution/blob/master/proposals/0173-Read-Generic-Network-Signal-data.md).
* **RPC Encryption**. Functional groups can now be flagged as requiring encryption, which informs Core to require an application to use encryption when calling RPCs contained in the functional group. Applications can also be flagged as requiring encryption during the review process, which is used in conjunction with the functional group encryption flag. Additionally, OEMs may now configure SDL Server as a Certificate Authority to be used to generate and sign `module_config` certificates and application certificates. These certificates will auto-renew when they approach their expiration date and a new API has been added to allow OEM mobile security libraries to fetch application certificates. More information about this feature can be found in the [Evolution Proposal](https://github.com/smartdevicelink/sdl_evolution/blob/master/proposals/0207-rpc-message-protection.md).
* **Passenger Mode**. OEMs can allow passengers to dismiss the SDL lock screen via a new checkbox on the Module Config page. More information about this feature can be found in the [Evolution Proposal](https://github.com/smartdevicelink/sdl_evolution/blob/master/proposals/0119-SDL-passenger-mode.md).
* **New RPCs**. If you have not yet assigned new RPCs to functional groups prior to installing this update, the new RPCs will automatically be attempted to be added to the appropriate functional groups. The new RPCs are described in the Evolution Proposals for [Update Published App Services](https://github.com/smartdevicelink/sdl_evolution/blob/master/proposals/0225-update-published-app-services.md), [Cancel Interaction RPC](https://github.com/smartdevicelink/sdl_evolution/blob/master/proposals/0184-cancel-interaction.md), [Open Menu RPC](https://github.com/smartdevicelink/sdl_evolution/blob/master/proposals/0116-open-menu.md), [Remote Control - Allow Multiple Modules per Module Type](https://github.com/smartdevicelink/sdl_evolution/blob/master/proposals/0221-multiple-modules.md), and [Close Application RPC](https://github.com/smartdevicelink/sdl_evolution/blob/master/proposals/0115-close-application.md). 
* **Bug Fixes**. Various bug fixes, such as including extra back-end constraints on functional group assignments to ensure that certain group types are not automatically granted to apps even if they contain common RPCs the app has specifically requested.

If you have any questions about this release or about SDL Policy Server in general, please join us in the `#sdl_server` channel of our public [Slack Organization](http://slack.smartdevicelink.com/).

Author: Nick Schwab

.gitignore

@@ -3,6 +3,8 @@ node_modules/
 dist/
 *.log
 .env
+*.pem
+*.key
 
 # Editor directories and files
 .idea

app/v1/about/controller.js

@@ -1,19 +1,20 @@
 const app = require('../app');
-const async = require('async');
 const config = require('../../../settings.js');
 const packageJson = require('../../../package.json'); //configuration module
 const requestjs = require('request');
 const semver = require('semver');
+const certificateController = require('../certificates/controller.js');
 
 exports.getInfo = function (req, res, next) {
 	var data = {
 		"current_version": packageJson.version,
 		"latest_version": packageJson.version,
 		"is_update_available": false,
-		"ssl_port": config.policyServerPortSSL,
+		"ssl_port": config.ssl.policyServerPort,
 		"cache_module": config.cacheModule,
 		"auth_type": config.authType,
 		"auto_approve_all_apps": config.autoApproveAllApps,
+		"encryption_required": config.autoApproveSetRPCEncryption,
 		"base_url": app.locals.baseUrl,
 		"notification": {
 			"appsPendingReview": {
@@ -28,7 +29,8 @@ exports.getInfo = function (req, res, next) {
 					"to_count": config.notification.appsPendingReview.email.to.split(",").length
 				}
 			}
-		}
+		},
+		"certificate_authority": certificateController.openSSLEnabled
 	};
 
 	requestjs({
@@ -43,6 +45,14 @@ exports.getInfo = function (req, res, next) {
 			data.is_update_available = semver.lt(data.current_version, data.latest_version);
 			data.update_type = semver.diff(data.current_version, data.latest_version);
 		}
+		if(data.certificate_authority){
+			return certificateController.checkAuthorityValidity(function(isAuthorityValid){
+				data.is_authority_valid = isAuthorityValid && data.certificate_authority;
+				res.parcel.setStatus(200)
+					.setData(data)
+					.deliver();
+			})
+		}
 
 		res.parcel.setStatus(200)
 			.setData(data)

app/v1/app.js

@@ -27,9 +27,13 @@ app.locals.version = path.basename(__dirname);
 
 // construct base URL, e.g. "http://localhost:3000"
 app.locals.baseUrl = "http";
-if(app.locals.config.policyServerPort == 443) app.locals.baseUrl += "s";
+if(app.locals.config.ssl.policyServerPort) app.locals.baseUrl += "s";
 app.locals.baseUrl += "://" + app.locals.config.policyServerHost;
-if(![80,443].includes(app.locals.config.policyServerPort)) app.locals.baseUrl += ":" + app.locals.config.policyServerPort;
+if(app.locals.config.ssl.policyServerPort && app.locals.config.ssl.policyServerPort != 443){
+    app.locals.baseUrl += ":" + app.locals.config.ssl.policyServerPort;
+}else if(app.locals.config.policyServerPort != 80){
+    app.locals.baseUrl += ":" + app.locals.config.policyServerPort;
+}
 
 //export app before requiring dependent modules to avoid circular dependency issues
 module.exports = app;
@@ -49,6 +53,8 @@ const services = require('./services/controller.js');
 const moduleConfig = require('./module-config/controller.js');
 const about = require('./about/controller.js');
 const auth = require('./middleware/auth.js');
+const certificates = require('./certificates/controller.js');
+const vehicleData = require('./vehicle-data/controller.js');
 
 function exposeRoutes () {
 	// use helmet middleware for security
@@ -66,7 +72,13 @@ function exposeRoutes () {
 	app.post('/applications/administrator', auth.validateAuth, applications.administratorPost);
 	app.post('/applications/passthrough', auth.validateAuth, applications.passthroughPost);
 	app.post('/applications/hybrid', auth.validateAuth, applications.hybridPost);
+	app.put('/applications/rpcencryption', auth.validateAuth, applications.rpcEncryptionPut);
 	app.put('/applications/service/permission', auth.validateAuth, applications.putServicePermission);
+	app.post('/applications/certificate/get', applications.getAppCertificate);
+	app.get('/applications/certificate/get', applications.getAppCertificate);
+	app.post('/applications/certificate', applications.updateAppCertificate);
+	app.get('/applications/groups', auth.validateAuth, applications.getFunctionalGroups);
+	app.put('/applications/groups', auth.validateAuth, applications.putFunctionalGroup);
 	app.post('/webhook', applications.webhook); //webhook route
 	//begin policy table routes
 	app.post('/staging/policy', policy.postFromCoreStaging);
@@ -89,32 +101,41 @@ function exposeRoutes () {
 	app.post('/module', auth.validateAuth, moduleConfig.post);
 	app.post('/module/promote', auth.validateAuth, moduleConfig.promote);
 	app.get('/about', auth.validateAuth, about.getInfo);
-}
-
-function updatePermissionsAndGenerateTemplates (next) {
-	permissions.update(function () {
-		//generate functional group templates for fast responding to the UI for function group info
-		//requires that permission information has updated
-		groups.generateFunctionGroupTemplates(function () {
-			log.info("Functional groups generated");
-			if (next) {
-				next();
-			}
-		});
-	});
+	app.post('/security/certificate', certificates.createCertificate);
+	app.post('/security/private', certificates.createPrivateKey);
+  //begin vehicle data routes
+  app.post('/vehicle-data', auth.validateAuth, vehicleData.post);
+  app.get('/vehicle-data', auth.validateAuth, vehicleData.get);
+  app.post('/vehicle-data/promote', auth.validateAuth, vehicleData.promote);
+  app.get('/vehicle-data/type', auth.validateAuth, vehicleData.getValidTypes);
 }
 
 //do not allow routes to be exposed until these async functions are completed
 flame.async.parallel([
+	//certificate expiration check and renewal for both applications and for the module config
+	applications.checkAndUpdateCertificates,
+	moduleConfig.checkAndUpdateCertificate,
 	//get and store permission info from SHAID on startup
-	updatePermissionsAndGenerateTemplates,
+	function (next) {
+		permissions.update(function () {
+			log.info("Permissions updated");
+			next();
+		});
+	},
 	function (next) {
 		// get and store app service type info from SHAID on startup
 		services.upsertTypes(function () {
 			log.info("App service types updated");
 			next();
 		});
 	},
+    function (next) {
+		//get and store app categories from SHAID on startup
+		applications.queryAndStoreCategories(function() {
+			log.info('App categories updated');
+			next();
+		});
+	},
 	function (next) {
 		//get and store language code info from the GitHub SDL RPC specification on startup
 		messages.updateLanguages(function () {
@@ -129,11 +150,30 @@ flame.async.parallel([
 			next();
 		});
 	},
+	function(next) {
+	 	vehicleData.updateRpcSpec(function() {
+            log.info("RPC Spec updated");
+            next();
+	 	});
+	},
 ], function () {
 	log.info("Start up complete. Exposing routes.");
 	exposeRoutes();
 });
 
 //cron job for running updates. runs once a day at midnight
-new Cron('00 00 00 * * *', updatePermissionsAndGenerateTemplates, null, true);
-new Cron('00 00 00 * * *', messages.updateLanguages, null, true);
+new Cron('00 00 00 * * *', permissions.update, null, true);
+new Cron('00 05 00 * * *', messages.updateLanguages, null, true);
+new Cron('00 10 00 * * *', applications.queryAndStoreCategories, null, true);
+new Cron('00 15 00 * * *', vehicleData.updateRpcSpec, null, true);
+new Cron('00 20 00 * * *', applications.checkAndUpdateCertificates, null, true);
+new Cron('00 25 00 * * *', moduleConfig.checkAndUpdateCertificate, null, true);
+
+/* FOR TESTING
+new Cron('10 * * * * *', permissions.update, null, true);
+new Cron('20 * * * * *', messages.updateLanguages, null, true);
+new Cron('30 * * * * *', applications.queryAndStoreCategories, null, true);
+new Cron('40 * * * * *', vehicleData.updateRpcSpec, null, true);
+new Cron('50 * * * * *', applications.checkAndUpdateCertificates, null, true);
+new Cron('00 * * * * *', moduleConfig.checkAndUpdateCertificate, null, true);
+*/