From 8b19b5d1695c58ea958fbadd43b59dadf278c41f Mon Sep 17 00:00:00 2001
From: dashevchenko <dshevchenko@thingsboard.io>
Date: Fri, 21 Jul 2023 18:56:52 +0300
Subject: [PATCH] added curl command for mqtts

---
 .../ThingsboardSecurityConfiguration.java     |   5 +-
 .../DeviceConnectivityController.java         |   1 -
 .../DeviceConnectivityControllerTest.java     |  51 ++++----
 .../device/DeviceСonnectivityServiceImpl.java | 109 +++++++++++-------
 .../dao/util/DeviceConnectivityUtil.java      |  86 +++++++-------
 5 files changed, 140 insertions(+), 112 deletions(-)

diff --git a/application/src/main/java/org/thingsboard/server/config/ThingsboardSecurityConfiguration.java b/application/src/main/java/org/thingsboard/server/config/ThingsboardSecurityConfiguration.java
index 793670f0ab..56a687be21 100644
--- a/application/src/main/java/org/thingsboard/server/config/ThingsboardSecurityConfiguration.java
+++ b/application/src/main/java/org/thingsboard/server/config/ThingsboardSecurityConfiguration.java
@@ -78,6 +78,7 @@ public class ThingsboardSecurityConfiguration {
     public static final String TOKEN_BASED_AUTH_ENTRY_POINT = "/api/**";
     public static final String WS_TOKEN_BASED_AUTH_ENTRY_POINT = "/api/ws/**";
     public static final String MAIL_OAUTH2_PROCESSING_ENTRY_POINT = "/api/admin/mail/oauth2/code";
+    public static final String DEVICE_CONNECTIVITY_CERTIFICATE_DOWNLOAD_ENTRY_POINT = "/api/device-connectivity/mqtts/certificate/download";
 
 
     @Autowired private ThingsboardErrorResponseHandler restAccessDeniedHandler;
@@ -136,7 +137,8 @@ public class ThingsboardSecurityConfiguration {
     protected JwtTokenAuthenticationProcessingFilter buildJwtTokenAuthenticationProcessingFilter() throws Exception {
         List<String> pathsToSkip = new ArrayList<>(Arrays.asList(NON_TOKEN_BASED_AUTH_ENTRY_POINTS));
         pathsToSkip.addAll(Arrays.asList(WS_TOKEN_BASED_AUTH_ENTRY_POINT, TOKEN_REFRESH_ENTRY_POINT, FORM_BASED_LOGIN_ENTRY_POINT,
-                PUBLIC_LOGIN_ENTRY_POINT, DEVICE_API_ENTRY_POINT, WEBJARS_ENTRY_POINT, MAIL_OAUTH2_PROCESSING_ENTRY_POINT));
+                PUBLIC_LOGIN_ENTRY_POINT, DEVICE_API_ENTRY_POINT, WEBJARS_ENTRY_POINT, MAIL_OAUTH2_PROCESSING_ENTRY_POINT,
+                DEVICE_CONNECTIVITY_CERTIFICATE_DOWNLOAD_ENTRY_POINT));
         SkipPathRequestMatcher matcher = new SkipPathRequestMatcher(pathsToSkip, TOKEN_BASED_AUTH_ENTRY_POINT);
         JwtTokenAuthenticationProcessingFilter filter
                 = new JwtTokenAuthenticationProcessingFilter(failureHandler, jwtHeaderTokenExtractor, matcher);
@@ -204,6 +206,7 @@ public class ThingsboardSecurityConfiguration {
                 .antMatchers(PUBLIC_LOGIN_ENTRY_POINT).permitAll() // Public login end-point
                 .antMatchers(TOKEN_REFRESH_ENTRY_POINT).permitAll() // Token refresh end-point
                 .antMatchers(MAIL_OAUTH2_PROCESSING_ENTRY_POINT).permitAll() // Mail oauth2 code processing url
+                .antMatchers(DEVICE_CONNECTIVITY_CERTIFICATE_DOWNLOAD_ENTRY_POINT).permitAll() // Mail oauth2 code processing url
                 .antMatchers(NON_TOKEN_BASED_AUTH_ENTRY_POINTS).permitAll() // static resources, user activation and password reset end-points
                 .and()
                 .authorizeRequests()
diff --git a/application/src/main/java/org/thingsboard/server/controller/DeviceConnectivityController.java b/application/src/main/java/org/thingsboard/server/controller/DeviceConnectivityController.java
index bf745a2033..c11efc05a4 100644
--- a/application/src/main/java/org/thingsboard/server/controller/DeviceConnectivityController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/DeviceConnectivityController.java
@@ -89,7 +89,6 @@ public class DeviceConnectivityController extends BaseController {
     }
 
     @ApiOperation(value = "Download mqtt ssl certificate using file path defined in device.connectivity properties (downloadMqttServerCertificate)", notes = "Download Mqtt server certificate." + SYSTEM_OR_TENANT_AUTHORITY_PARAGRAPH)
-    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
     @RequestMapping(value = "/device-connectivity/{protocol}/certificate/download", method = RequestMethod.GET)
     @ResponseBody
     public ResponseEntity<org.springframework.core.io.Resource> downloadMqttServerCertificate(@ApiParam(value = PROTOCOL_PARAM_DESCRIPTION)
diff --git a/application/src/test/java/org/thingsboard/server/controller/DeviceConnectivityControllerTest.java b/application/src/test/java/org/thingsboard/server/controller/DeviceConnectivityControllerTest.java
index b138778025..05c14dbb8b 100644
--- a/application/src/test/java/org/thingsboard/server/controller/DeviceConnectivityControllerTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/DeviceConnectivityControllerTest.java
@@ -217,17 +217,17 @@ public class DeviceConnectivityControllerTest extends AbstractControllerTest {
         assertThat(mqttCommands.get(MQTT).asText()).isEqualTo(String.format("mosquitto_pub -d -q 1 -h localhost -p 1883 -t v1/devices/me/telemetry " +
                         "-u %s -m \"{temperature:25}\"",
                 credentials.getCredentialsId()));
-        assertThat(mqttCommands.get(MQTTS).asText()).isEqualTo(String.format("mosquitto_pub -d -q 1 --cafile pathToFile/tb-server-chain.pem -h localhost -p 8883 " +
-                        "-t v1/devices/me/telemetry -u %s -m \"{temperature:25}\"",
-                credentials.getCredentialsId()));
-
+        assertThat(mqttCommands.get(MQTTS).get(0).asText()).isEqualTo("curl http://localhost:80/api/device-connectivity/mqtts/certificate/download -o /tmp/tb-server-chain.pem");
+        assertThat(mqttCommands.get(MQTTS).get(1).asText()).isEqualTo(String.format("mosquitto_pub -d -q 1 --cafile tmp/tb-server-chain.pem -h localhost -p 8883 " +
+                        "-t v1/devices/me/telemetry -u %s -m \"{temperature:25}\"", credentials.getCredentialsId()));
 
         JsonNode dockerMqttCommands = commands.get(MQTT).get(DOCKER);
         assertThat(dockerMqttCommands.get(MQTT).asText()).isEqualTo(String.format("docker run -it --rm thingsboard/mosquitto-clients pub -h localhost" +
                         " -p 1883 -t v1/devices/me/telemetry -u %s -m \"{temperature:25}\"",
                 credentials.getCredentialsId()));
-        assertThat(dockerMqttCommands.get(MQTTS).asText()).isEqualTo(String.format("docker run --volume pathToFile/tb-server-chain.pem:/tmp/tb-server-chain.pem " +
-                        "-it --rm thingsboard/mosquitto-clients pub --cafile tmp/tb-server-chain.pem -h localhost -p 8883 -t v1/devices/me/telemetry -u %s -m \"{temperature:25}\"",
+        assertThat(dockerMqttCommands.get(MQTTS).asText()).isEqualTo(String.format("docker run -it --rm thingsboard/mosquitto-clients " +
+                        "/bin/sh -c \"curl -o /tmp/tb-server-chain.pem http://localhost:80/api/device-connectivity/mqtts/certificate/download && " +
+                        "pub --cafile tmp/tb-server-chain.pem -h localhost -p 8883 -t v1/devices/me/telemetry -u %s -m \"{temperature:25}\"\"",
                 credentials.getCredentialsId()));
 
         JsonNode linuxCoapCommands = commands.get(COAP);
@@ -251,21 +251,20 @@ public class DeviceConnectivityControllerTest extends AbstractControllerTest {
                 doGetTyped("/api/device-connectivity/" + savedDevice.getId().getId() ,  new TypeReference<>() {});
         assertThat(commands).hasSize(1);
 
-        JsonNode linuxMqttCommands = commands.get(MQTT);
-        assertThat(linuxMqttCommands.get(MQTT).asText()).isEqualTo(String.format("mosquitto_pub -d -q 1 -h localhost -p 1883 -t %s " +
-                        "-u %s -m \"{temperature:25}\"",
-                DEVICE_TELEMETRY_TOPIC, credentials.getCredentialsId()));
-        assertThat(linuxMqttCommands.get(MQTTS).asText()).isEqualTo(String.format("mosquitto_pub -d -q 1 --cafile pathToFile/tb-server-chain.pem -h localhost -p 8883 " +
-                        "-t %s -u %s -m \"{temperature:25}\"",
-                DEVICE_TELEMETRY_TOPIC, credentials.getCredentialsId()));
-
+        JsonNode mqttCommands = commands.get(MQTT);
+        assertThat(mqttCommands.get(MQTT).asText()).isEqualTo(String.format("mosquitto_pub -d -q 1 -h localhost -p 1883 -t %s " +
+                        "-u %s -m \"{temperature:25}\"", DEVICE_TELEMETRY_TOPIC, credentials.getCredentialsId()));
+        assertThat(mqttCommands.get(MQTTS).get(0).asText()).isEqualTo("curl http://localhost:80/api/device-connectivity/mqtts/certificate/download -o /tmp/tb-server-chain.pem");
+        assertThat(mqttCommands.get(MQTTS).get(1).asText()).isEqualTo(String.format("mosquitto_pub -d -q 1 --cafile tmp/tb-server-chain.pem -h localhost -p 8883 " +
+                "-t %s -u %s -m \"{temperature:25}\"", DEVICE_TELEMETRY_TOPIC, credentials.getCredentialsId()));
 
         JsonNode dockerMqttCommands = commands.get(MQTT).get(DOCKER);
         assertThat(dockerMqttCommands.get(MQTT).asText()).isEqualTo(String.format("docker run -it --rm thingsboard/mosquitto-clients pub -h localhost" +
                         " -p 1883 -t %s -u %s -m \"{temperature:25}\"",
                 DEVICE_TELEMETRY_TOPIC, credentials.getCredentialsId()));
-        assertThat(dockerMqttCommands.get(MQTTS).asText()).isEqualTo(String.format("docker run --volume pathToFile/tb-server-chain.pem:/tmp/tb-server-chain.pem " +
-                        "-it --rm thingsboard/mosquitto-clients pub --cafile tmp/tb-server-chain.pem -h localhost -p 8883 -t %s -u %s -m \"{temperature:25}\"",
+        assertThat(dockerMqttCommands.get(MQTTS).asText()).isEqualTo(String.format("docker run -it --rm thingsboard/mosquitto-clients " +
+                        "/bin/sh -c \"curl -o /tmp/tb-server-chain.pem http://localhost:80/api/device-connectivity/mqtts/certificate/download && " +
+                        "pub --cafile tmp/tb-server-chain.pem -h localhost -p 8883 -t %s -u %s -m \"{temperature:25}\"\"",
                 DEVICE_TELEMETRY_TOPIC, credentials.getCredentialsId()));
     }
 
@@ -295,20 +294,20 @@ public class DeviceConnectivityControllerTest extends AbstractControllerTest {
                 doGetTyped("/api/device-connectivity/" + savedDevice.getId().getId() ,  new TypeReference<>() {});
         assertThat(commands).hasSize(1);
 
-        JsonNode linuxMqttCommands = commands.get(MQTT);
-        assertThat(linuxMqttCommands.get(MQTT).asText()).isEqualTo(String.format("mosquitto_pub -d -q 1 -h localhost -p 1883 -t %s " +
-                        "-i %s -u %s -P %s -m \"{temperature:25}\"",
-                DEVICE_TELEMETRY_TOPIC, clientId, userName, password));
-        assertThat(linuxMqttCommands.get(MQTTS).asText()).isEqualTo(String.format("mosquitto_pub -d -q 1 --cafile pathToFile/tb-server-chain.pem -h localhost -p 8883 " +
-                        "-t %s -i %s -u %s -P %s -m \"{temperature:25}\"",
-                DEVICE_TELEMETRY_TOPIC, clientId, userName, password));
+        JsonNode mqttCommands = commands.get(MQTT);
+        assertThat(mqttCommands.get(MQTT).asText()).isEqualTo(String.format("mosquitto_pub -d -q 1 -h localhost -p 1883 -t %s " +
+                "-i %s -u %s -P %s -m \"{temperature:25}\"", DEVICE_TELEMETRY_TOPIC, clientId, userName, password));
+        assertThat(mqttCommands.get(MQTTS).get(0).asText()).isEqualTo("curl http://localhost:80/api/device-connectivity/mqtts/certificate/download -o /tmp/tb-server-chain.pem");
+        assertThat(mqttCommands.get(MQTTS).get(1).asText()).isEqualTo(String.format("mosquitto_pub -d -q 1 --cafile tmp/tb-server-chain.pem -h localhost -p 8883 " +
+                "-t %s -i %s -u %s -P %s -m \"{temperature:25}\"", DEVICE_TELEMETRY_TOPIC, clientId, userName, password));
 
         JsonNode dockerMqttCommands = commands.get(MQTT).get(DOCKER);
         assertThat(dockerMqttCommands.get(MQTT).asText()).isEqualTo(String.format("docker run -it --rm thingsboard/mosquitto-clients pub -h localhost" +
                         " -p 1883 -t %s -i %s -u %s -P %s -m \"{temperature:25}\"",
                 DEVICE_TELEMETRY_TOPIC, clientId, userName, password));
-        assertThat(dockerMqttCommands.get(MQTTS).asText()).isEqualTo(String.format("docker run --volume pathToFile/tb-server-chain.pem:/tmp/tb-server-chain.pem " +
-                        "-it --rm thingsboard/mosquitto-clients pub --cafile tmp/tb-server-chain.pem -h localhost -p 8883 -t %s -i %s -u %s -P %s -m \"{temperature:25}\"",
+        assertThat(dockerMqttCommands.get(MQTTS).asText()).isEqualTo(String.format("docker run -it --rm thingsboard/mosquitto-clients " +
+                        "/bin/sh -c \"curl -o /tmp/tb-server-chain.pem http://localhost:80/api/device-connectivity/mqtts/certificate/download && " +
+                        "pub --cafile tmp/tb-server-chain.pem -h localhost -p 8883 -t %s -i %s -u %s -P %s -m \"{temperature:25}\"\"",
                 DEVICE_TELEMETRY_TOPIC, clientId, userName, password));
     }
 
@@ -330,7 +329,7 @@ public class DeviceConnectivityControllerTest extends AbstractControllerTest {
         JsonNode commands =
                 doGetTyped("/api/device-connectivity/" + savedDevice.getId().getId(),  new TypeReference<>() {});
         assertThat(commands).hasSize(1);
-        assertThat(commands.get(MQTT).get(MQTTS).asText()).isEqualTo(CHECK_DOCUMENTATION);
+        assertThat(commands.get(MQTT).get(MQTTS).get(0).asText()).isEqualTo(CHECK_DOCUMENTATION);
         assertThat(commands.get(MQTT).get(DOCKER)).isNull();
     }
 
diff --git a/dao/src/main/java/org/thingsboard/server/dao/device/DeviceСonnectivityServiceImpl.java b/dao/src/main/java/org/thingsboard/server/dao/device/DeviceСonnectivityServiceImpl.java
index 284115ffb2..e15056a2a6 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/device/DeviceСonnectivityServiceImpl.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/device/DeviceСonnectivityServiceImpl.java
@@ -16,6 +16,7 @@
 package org.thingsboard.server.dao.device;
 
 import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.node.ArrayNode;
 import com.fasterxml.jackson.databind.node.ObjectNode;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.io.FileUtils;
@@ -36,6 +37,9 @@ import java.io.IOException;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
 import java.util.Optional;
 
 import static org.thingsboard.server.dao.service.Validator.validateId;
@@ -48,7 +52,6 @@ import static org.thingsboard.server.dao.util.DeviceConnectivityUtil.HTTPS;
 import static org.thingsboard.server.dao.util.DeviceConnectivityUtil.LINUX;
 import static org.thingsboard.server.dao.util.DeviceConnectivityUtil.MQTT;
 import static org.thingsboard.server.dao.util.DeviceConnectivityUtil.MQTTS;
-import static org.thingsboard.server.dao.util.DeviceConnectivityUtil.WINDOWS;
 import static org.thingsboard.server.dao.util.DeviceConnectivityUtil.getCoapClientCommand;
 import static org.thingsboard.server.dao.util.DeviceConnectivityUtil.getCurlCommand;
 import static org.thingsboard.server.dao.util.DeviceConnectivityUtil.getDockerMosquittoClientsPublishCommand;
@@ -77,7 +80,6 @@ public class DeviceСonnectivityServiceImpl implements DeviceConnectivityService
         log.trace("Executing findDevicePublishTelemetryCommands [{}]", deviceId);
         validateId(deviceId, INCORRECT_DEVICE_ID + deviceId);
 
-        String defaultHostname = new URI(baseUrl).getHost();
         DeviceCredentials creds = deviceCredentialsService.findDeviceCredentialsByDeviceId(device.getTenantId(), deviceId);
         DeviceProfile deviceProfile = deviceProfileService.findDeviceProfileById(device.getTenantId(), device.getDeviceProfileId());
         DeviceTransportType transportType = deviceProfile.getTransportType();
@@ -85,11 +87,11 @@ public class DeviceСonnectivityServiceImpl implements DeviceConnectivityService
         ObjectNode commands = JacksonUtil.newObjectNode();
         switch (transportType) {
             case DEFAULT:
-                Optional.ofNullable(getHttpTransportPublishCommands(defaultHostname, creds))
+                Optional.ofNullable(getHttpTransportPublishCommands(baseUrl, creds))
                         .ifPresent(v -> commands.set(HTTP, v));
-                Optional.ofNullable(getMqttTransportPublishCommands(defaultHostname, creds))
+                Optional.ofNullable(getMqttTransportPublishCommands(baseUrl, creds))
                         .ifPresent(v -> commands.set(MQTT, v));
-                Optional.ofNullable(getCoapTransportPublishCommands(defaultHostname, creds))
+                Optional.ofNullable(getCoapTransportPublishCommands(baseUrl, creds))
                         .ifPresent(v -> commands.set(COAP, v));
                 break;
             case MQTT:
@@ -97,11 +99,11 @@ public class DeviceСonnectivityServiceImpl implements DeviceConnectivityService
                         (MqttDeviceProfileTransportConfiguration) deviceProfile.getProfileData().getTransportConfiguration();
                 String topicName = transportConfiguration.getDeviceTelemetryTopic();
 
-                Optional.ofNullable(getMqttTransportPublishCommands(defaultHostname, topicName, creds))
+                Optional.ofNullable(getMqttTransportPublishCommands(baseUrl, topicName, creds))
                         .ifPresent(v -> commands.set(MQTT, v));
                 break;
             case COAP:
-                Optional.ofNullable(getCoapTransportPublishCommands(defaultHostname, creds))
+                Optional.ofNullable(getCoapTransportPublishCommands(baseUrl, creds))
                         .ifPresent(v -> commands.set(COAP, v));
                 break;
             default:
@@ -122,7 +124,7 @@ public class DeviceСonnectivityServiceImpl implements DeviceConnectivityService
         }
     }
 
-    private JsonNode getHttpTransportPublishCommands(String defaultHostname, DeviceCredentials deviceCredentials) {
+    private JsonNode getHttpTransportPublishCommands(String defaultHostname, DeviceCredentials deviceCredentials) throws URISyntaxException {
         ObjectNode httpCommands = JacksonUtil.newObjectNode();
         Optional.ofNullable(getHttpPublishCommand(HTTP, defaultHostname, deviceCredentials))
                 .ifPresent(v -> httpCommands.put(HTTP, v));
@@ -131,34 +133,37 @@ public class DeviceСonnectivityServiceImpl implements DeviceConnectivityService
         return httpCommands.isEmpty() ? null : httpCommands;
     }
 
-    private String getHttpPublishCommand(String protocol, String defaultHostname, DeviceCredentials deviceCredentials) {
+    private String getHttpPublishCommand(String protocol, String baseUrl, DeviceCredentials deviceCredentials) throws URISyntaxException {
         DeviceConnectivityInfo httpProps = deviceConnectivityConfiguration.getConnectivity().get(protocol);
         if (httpProps == null || !httpProps.getEnabled() ||
                 deviceCredentials.getCredentialsType() != DeviceCredentialsType.ACCESS_TOKEN) {
             return null;
         }
-        String hostName = httpProps.getHost().isEmpty() ? defaultHostname : httpProps.getHost();
+        String hostName = httpProps.getHost().isEmpty() ? new URI(baseUrl).getHost() : httpProps.getHost();
         String port = httpProps.getPort().isEmpty() ? "" : ":" + httpProps.getPort();
 
         return getCurlCommand(protocol, hostName, port, deviceCredentials);
     }
 
-    private JsonNode getMqttTransportPublishCommands(String defaultHostname, DeviceCredentials deviceCredentials) {
-        return getMqttTransportPublishCommands(defaultHostname, DEFAULT_DEVICE_TELEMETRY_TOPIC, deviceCredentials);
+    private JsonNode getMqttTransportPublishCommands(String baseUrl, DeviceCredentials deviceCredentials) throws URISyntaxException {
+        return getMqttTransportPublishCommands(baseUrl, DEFAULT_DEVICE_TELEMETRY_TOPIC, deviceCredentials);
     }
 
-    private JsonNode getMqttTransportPublishCommands(String defaultHostname, String topic, DeviceCredentials deviceCredentials) {
+    private JsonNode getMqttTransportPublishCommands(String baseUrl, String topic, DeviceCredentials deviceCredentials) throws URISyntaxException {
         ObjectNode mqttCommands = JacksonUtil.newObjectNode();
 
-        Optional.ofNullable(getMqttPublishCommand(MQTT, defaultHostname, topic, deviceCredentials))
+        Optional.ofNullable(getMqttPublishCommand(baseUrl, topic, deviceCredentials))
                 .ifPresent(v -> mqttCommands.put(MQTT, v));
-        Optional.ofNullable(getMqttPublishCommand(MQTTS, defaultHostname, topic, deviceCredentials))
-                .ifPresent(v -> mqttCommands.put(MQTTS, v));
+        List<String> mqttsPublishCommand = getMqttsPublishCommand(baseUrl, topic, deviceCredentials);
+        if (mqttsPublishCommand != null){
+            ArrayNode arrayNode = mqttCommands.putArray(MQTTS);
+            mqttsPublishCommand.forEach(arrayNode::add);
+        }
 
         ObjectNode dockerMqttCommands = JacksonUtil.newObjectNode();
-        Optional.ofNullable(getDockerMqttPublishCommand(MQTT, defaultHostname, topic, deviceCredentials))
+        Optional.ofNullable(getDockerMqttPublishCommand(MQTT,baseUrl, topic, deviceCredentials))
                 .ifPresent(v -> dockerMqttCommands.put(MQTT, v));
-        Optional.ofNullable(getDockerMqttPublishCommand(MQTTS, defaultHostname, topic, deviceCredentials))
+        Optional.ofNullable(getDockerMqttPublishCommand(MQTTS, baseUrl, topic, deviceCredentials))
                 .ifPresent(v -> dockerMqttCommands.put(MQTTS, v));
 
         if (!dockerMqttCommands.isEmpty()) {
@@ -167,41 +172,62 @@ public class DeviceСonnectivityServiceImpl implements DeviceConnectivityService
         return mqttCommands.isEmpty() ? null : mqttCommands;
     }
 
-    private String getMqttPublishCommand(String protocol, String defaultHostname, String deviceTelemetryTopic, DeviceCredentials deviceCredentials) {
-        if (MQTTS.equals(protocol) && deviceCredentials.getCredentialsType() == DeviceCredentialsType.X509_CERTIFICATE) {
-            return CHECK_DOCUMENTATION;
+    private String getMqttPublishCommand(String baseUrl, String deviceTelemetryTopic, DeviceCredentials deviceCredentials) throws URISyntaxException {
+        DeviceConnectivityInfo properties = deviceConnectivityConfiguration.getConnectivity().get(MQTT);
+        if (properties == null || !properties.getEnabled()) {
+            return null;
         }
+        String mqttHost = properties.getHost().isEmpty() ? new URI(baseUrl).getHost() : properties.getHost();
+        String mqttPort = properties.getPort().isEmpty() ? null : properties.getPort();
+        return getMosquittoPubPublishCommand(MQTT, mqttHost, mqttPort, deviceTelemetryTopic, deviceCredentials);
+    }
+
+    private List<String> getMqttsPublishCommand(String baseUrl, String deviceTelemetryTopic, DeviceCredentials deviceCredentials) throws URISyntaxException {
+        String pubCommand;
+        if (deviceCredentials.getCredentialsType() == DeviceCredentialsType.X509_CERTIFICATE) {
+            return List.of(CHECK_DOCUMENTATION);
+        } else {
+            DeviceConnectivityInfo properties = deviceConnectivityConfiguration.getConnectivity().get(MQTTS);
+            if (properties == null || !properties.getEnabled()) {
+                return null;
+            }
+            String mqttHost = properties.getHost().isEmpty() ? new URI(baseUrl).getHost() : properties.getHost();
+            String mqttPort = properties.getPort().isEmpty() ? null : properties.getPort();
+            pubCommand = getMosquittoPubPublishCommand(MQTTS, mqttHost, mqttPort, deviceTelemetryTopic, deviceCredentials);
+        }
+
+        ArrayList<String> commands = new ArrayList<>();
+        if (pubCommand != null) {
+            commands.add("curl " + baseUrl + "/api/device-connectivity/mqtts/certificate/download -o /tmp/tb-server-chain.pem");
+            commands.add(pubCommand);
+            return commands;
+        }
+        return null;
+    }
+
+
+    private String getDockerMqttPublishCommand(String protocol, String baseUrl, String deviceTelemetryTopic, DeviceCredentials deviceCredentials) throws URISyntaxException {
         DeviceConnectivityInfo properties = deviceConnectivityConfiguration.getConnectivity().get(protocol);
         if (properties == null || !properties.getEnabled()) {
             return null;
         }
-        String mqttHost = properties.getHost().isEmpty() ? defaultHostname : properties.getHost();
+        String mqttHost = properties.getHost().isEmpty() ? new URI(baseUrl).getHost() : properties.getHost();
         String mqttPort = properties.getPort().isEmpty() ? null : properties.getPort();
-        return getMosquittoPubPublishCommand(protocol, mqttHost, mqttPort, deviceTelemetryTopic, deviceCredentials);
+        return getDockerMosquittoClientsPublishCommand(protocol, baseUrl, mqttHost, mqttPort, deviceTelemetryTopic, deviceCredentials);
     }
 
-    private String getDockerMqttPublishCommand(String protocol, String defaultHostname, String deviceTelemetryTopic, DeviceCredentials deviceCredentials) {
-        DeviceConnectivityInfo properties = deviceConnectivityConfiguration.getConnectivity().get(protocol);
-        if (properties == null || !properties.getEnabled()) {
-            return null;
-        }
-        String mqttHost = properties.getHost().isEmpty() ? defaultHostname : properties.getHost();
-        String mqttPort = properties.getPort().isEmpty() ? null : properties.getPort();
-        return getDockerMosquittoClientsPublishCommand(protocol, mqttHost, mqttPort, deviceTelemetryTopic, deviceCredentials);
-    }
-
-    private JsonNode getCoapTransportPublishCommands(String defaultHostname, DeviceCredentials deviceCredentials) {
+    private JsonNode getCoapTransportPublishCommands(String baseUrl, DeviceCredentials deviceCredentials) throws URISyntaxException {
         ObjectNode coapCommands = JacksonUtil.newObjectNode();
 
-        Optional.ofNullable(getCoapPublishCommand(LINUX, COAP, defaultHostname, deviceCredentials))
+        Optional.ofNullable(getCoapPublishCommand(COAP, baseUrl, deviceCredentials))
                 .ifPresent(v -> coapCommands.put(COAP, v));
-        Optional.ofNullable(getCoapPublishCommand(LINUX, COAPS, defaultHostname, deviceCredentials))
+        Optional.ofNullable(getCoapPublishCommand(COAPS, baseUrl, deviceCredentials))
                 .ifPresent(v -> coapCommands.put(COAPS, v));
 
         return coapCommands.isEmpty() ? null : coapCommands;
     }
 
-    private String getCoapPublishCommand(String os, String protocol, String defaultHostname, DeviceCredentials deviceCredentials) {
+    private String getCoapPublishCommand(String protocol, String baseUrl, DeviceCredentials deviceCredentials) throws URISyntaxException {
         if (COAPS.equals(protocol) && deviceCredentials.getCredentialsType() == DeviceCredentialsType.X509_CERTIFICATE) {
             return CHECK_DOCUMENTATION;
         }
@@ -209,14 +235,9 @@ public class DeviceСonnectivityServiceImpl implements DeviceConnectivityService
         if (properties == null || !properties.getEnabled()) {
             return null;
         }
-        String hostName = properties.getHost().isEmpty() ? defaultHostname : properties.getHost();
+        String hostName = properties.getHost().isEmpty() ? new URI(baseUrl).getHost() : properties.getHost();
         String port = properties.getPort().isEmpty() ? "" : ":" + properties.getPort();
 
-        switch (os) {
-            case LINUX:
-                return getCoapClientCommand(protocol, hostName, port, deviceCredentials);
-            default:
-                throw new IllegalArgumentException("Unsupported operating system: " + os);
-        }
+        return getCoapClientCommand(protocol, hostName, port, deviceCredentials);
     }
 }
diff --git a/dao/src/main/java/org/thingsboard/server/dao/util/DeviceConnectivityUtil.java b/dao/src/main/java/org/thingsboard/server/dao/util/DeviceConnectivityUtil.java
index 72eac8bdea..e99df56e64 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/util/DeviceConnectivityUtil.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/util/DeviceConnectivityUtil.java
@@ -19,6 +19,9 @@ import org.thingsboard.common.util.JacksonUtil;
 import org.thingsboard.server.common.data.device.credentials.BasicMqttCredentials;
 import org.thingsboard.server.common.data.security.DeviceCredentials;
 
+import java.util.ArrayList;
+import java.util.List;
+
 public class DeviceConnectivityUtil {
 
     public static final String HTTP = "http";
@@ -41,46 +44,6 @@ public class DeviceConnectivityUtil {
 
     public static String getMosquittoPubPublishCommand(String protocol, String host, String port, String deviceTelemetryTopic, DeviceCredentials deviceCredentials) {
         StringBuilder command = new StringBuilder("mosquitto_pub -d -q 1");
-        if (MQTTS.equals(protocol)) {
-            command.append(" --cafile pathToFile/" + MQTT_SSL_PEM_FILE_NAME);
-        }
-        command.append(" -h ").append(host).append(port == null ? "" : " -p " + port);
-        command.append(" -t ").append(deviceTelemetryTopic);
-
-        switch (deviceCredentials.getCredentialsType()) {
-            case ACCESS_TOKEN:
-                command.append(" -u ").append(deviceCredentials.getCredentialsId());
-                break;
-            case MQTT_BASIC:
-                BasicMqttCredentials credentials = JacksonUtil.fromString(deviceCredentials.getCredentialsValue(),
-                        BasicMqttCredentials.class);
-                if (credentials != null) {
-                    if (credentials.getClientId() != null) {
-                        command.append(" -i ").append(credentials.getClientId());
-                    }
-                    if (credentials.getUserName() != null) {
-                        command.append(" -u ").append(credentials.getUserName());
-                    }
-                    if (credentials.getPassword() != null) {
-                        command.append(" -P ").append(credentials.getPassword());
-                    }
-                } else {
-                    return null;
-                }
-                break;
-            default:
-                return null;
-        }
-        command.append(" -m " + JSON_EXAMPLE_PAYLOAD);
-        return command.toString();
-    }
-
-    public static String getDockerMosquittoClientsPublishCommand(String protocol, String host, String port, String deviceTelemetryTopic, DeviceCredentials deviceCredentials) {
-        StringBuilder command = new StringBuilder("docker run");
-        if (MQTTS.equals(protocol)) {
-            command.append(" --volume pathToFile/" + MQTT_SSL_PEM_FILE_NAME + ":/tmp/" + MQTT_SSL_PEM_FILE_NAME);
-        }
-        command.append(" -it --rm thingsboard/mosquitto-clients pub");
         if (MQTTS.equals(protocol)) {
             command.append(" --cafile tmp/" + MQTT_SSL_PEM_FILE_NAME);
         }
@@ -115,6 +78,49 @@ public class DeviceConnectivityUtil {
         return command.toString();
     }
 
+    public static String getDockerMosquittoClientsPublishCommand(String protocol, String baseUrl, String host, String port, String deviceTelemetryTopic, DeviceCredentials deviceCredentials) {
+        StringBuilder command = new StringBuilder("docker run -it --rm thingsboard/mosquitto-clients ");
+        if (MQTTS.equals(protocol)) {
+            command.append("/bin/sh -c \"curl -o /tmp/tb-server-chain.pem ").append(baseUrl).append("/api/device-connectivity/mqtts/certificate/download && ");
+        }
+        command.append("pub");
+        if (MQTTS.equals(protocol)) {
+            command.append(" --cafile tmp/" + MQTT_SSL_PEM_FILE_NAME);
+        }
+        command.append(" -h ").append(host).append(port == null ? "" : " -p " + port);
+        command.append(" -t ").append(deviceTelemetryTopic);
+
+        switch (deviceCredentials.getCredentialsType()) {
+            case ACCESS_TOKEN:
+                command.append(" -u ").append(deviceCredentials.getCredentialsId());
+                break;
+            case MQTT_BASIC:
+                BasicMqttCredentials credentials = JacksonUtil.fromString(deviceCredentials.getCredentialsValue(),
+                        BasicMqttCredentials.class);
+                if (credentials != null) {
+                    if (credentials.getClientId() != null) {
+                        command.append(" -i ").append(credentials.getClientId());
+                    }
+                    if (credentials.getUserName() != null) {
+                        command.append(" -u ").append(credentials.getUserName());
+                    }
+                    if (credentials.getPassword() != null) {
+                        command.append(" -P ").append(credentials.getPassword());
+                    }
+                } else {
+                    return null;
+                }
+                break;
+            default:
+                return null;
+        }
+        command.append(" -m " + JSON_EXAMPLE_PAYLOAD);
+        if (MQTTS.equals(protocol)) {
+            command.append("\"");
+        }
+        return command.toString();
+    }
+
     public static String getCoapClientCommand(String protocol, String host, String port, DeviceCredentials deviceCredentials) {
         switch (deviceCredentials.getCredentialsType()) {
             case ACCESS_TOKEN: