added mqtt server chain certificate

application/src/main/resources/thingsboard.yml

@@ -990,27 +990,28 @@ device:
   connectivity:
     http:
       enabled: "${DEVICE_CONNECTIVITY_HTTP_ENABLED:true}"
-      host: "${DEVICE_CONNECTIVITY_HTTP_HOST:localhost}"
+      host: "${DEVICE_CONNECTIVITY_HTTP_HOST:}"
       port: "${DEVICE_CONNECTIVITY_HTTP_PORT:8080}"
     https:
       enabled: "${DEVICE_CONNECTIVITY_HTTPS_ENABLED:false}"
-      host: "${DEVICE_CONNECTIVITY_HTTPS_HOST:localhost}"
+      host: "${DEVICE_CONNECTIVITY_HTTPS_HOST:}"
       port: "${DEVICE_CONNECTIVITY_HTTPS_PORT:443}"
     mqtt:
       enabled: "${DEVICE_CONNECTIVITY_MQTT_ENABLED:true}"
-      host: "${DEVICE_CONNECTIVITY_MQTT_HOST:localhost}"
+      host: "${DEVICE_CONNECTIVITY_MQTT_HOST:}"
       port: "${DEVICE_CONNECTIVITY_MQTT_PORT:1883}"
     mqtts:
       enabled: "${DEVICE_CONNECTIVITY_MQTTS_ENABLED:false}"
-      host: "${DEVICE_CONNECTIVITY_MQTTS_HOST:localhost}"
+      host: "${DEVICE_CONNECTIVITY_MQTTS_HOST:}"
       port: "${DEVICE_CONNECTIVITY_MQTTS_PORT:8883}"
+      tb_server_chain_path: "${DEVICE_CONNECTIVITY_MQTTS_SERVER_CHAIN_PATH:}"
     coap:
       enabled: "${DEVICE_CONNECTIVITY_COAP_ENABLED:true}"
-      host: "${DEVICE_CONNECTIVITY_COAP_HOST:localhost}"
+      host: "${DEVICE_CONNECTIVITY_COAP_HOST:}"
       port: "${DEVICE_CONNECTIVITY_COAP_PORT:5683}"
     coaps:
       enabled: "${DEVICE_CONNECTIVITY_COAPS_ENABLED:false}"
-      host: "${DEVICE_CONNECTIVITY_COAPS_HOST:localhost}"
+      host: "${DEVICE_CONNECTIVITY_COAPS_HOST:}"
       port: "${DEVICE_CONNECTIVITY_COAPS_PORT:5684}"
 
 # Edges parameters

dao/src/main/java/org/thingsboard/server/dao/device/DeviceConnectivityInfo.java

@@ -22,4 +22,5 @@ public class DeviceConnectivityInfo {
     private Boolean enabled;
     private String host;
     private String port;
+    private String sslCertPath;
 }

dao/src/main/java/org/thingsboard/server/dao/device/DeviceConnectivityMqttSslCertService.java

@@ -0,0 +1,53 @@
+/**
+ * Copyright © 2016-2023 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.dao.device;
+
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.io.FileUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import org.thingsboard.server.common.data.ResourceUtils;
+
+import javax.annotation.PostConstruct;
+import java.io.File;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+
+import static org.thingsboard.server.dao.util.DeviceConnectivityUtil.MQTTS;
+
+@Service
+@Slf4j
+public class DeviceConnectivityMqttSslCertService implements TbDeviceConnectivitySslCertService {
+
+    private String certificate;
+    @Autowired
+    private DeviceConnectivityConfiguration deviceConnectivityConfiguration;
+
+    @PostConstruct
+    private void postConstruct() throws IOException {
+        String sslCertPath = deviceConnectivityConfiguration.getConnectivity()
+                .get(MQTTS)
+                .getSslCertPath();
+        if (!sslCertPath.isEmpty() && ResourceUtils.resourceExists(this, sslCertPath)) {
+            certificate = FileUtils.readFileToString(new File(sslCertPath), StandardCharsets.UTF_8);
+        }
+    }
+
+    @Override
+    public String getMqttSslCertificate() {
+        return certificate;
+    }
+}

dao/src/main/java/org/thingsboard/server/dao/device/DeviceServiceImpl.java

@@ -99,6 +99,7 @@ import static org.thingsboard.server.dao.util.DeviceConnectivityUtil.JSON_EXAMPL
 import static org.thingsboard.server.dao.util.DeviceConnectivityUtil.MQTT;
 import static org.thingsboard.server.dao.util.DeviceConnectivityUtil.MQTTS;
 import static org.thingsboard.server.dao.util.DeviceConnectivityUtil.CHECK_DOCUMENTATION;
+import static org.thingsboard.server.dao.util.DeviceConnectivityUtil.SERVER_CHAIN_PEM;
 import static org.thingsboard.server.dao.util.DeviceConnectivityUtil.getCoapClientCommand;
 import static org.thingsboard.server.dao.util.DeviceConnectivityUtil.getCurlCommand;
 import static org.thingsboard.server.dao.util.DeviceConnectivityUtil.getMosquittoPublishCommand;
@@ -136,6 +137,9 @@ public class DeviceServiceImpl extends AbstractCachedEntityService<DeviceCacheKe
     @Autowired
     private DeviceConnectivityConfiguration deviceConnectivityConfiguration;
 
+    @Autowired
+    private DeviceConnectivityMqttSslCertService deviceConnectivityMqttSslCertService;
+
     @Override
     public DeviceInfo findDeviceInfoById(TenantId tenantId, DeviceId deviceId) {
         log.trace("Executing findDeviceInfoById [{}]", deviceId);
@@ -181,6 +185,10 @@ public class DeviceServiceImpl extends AbstractCachedEntityService<DeviceCacheKe
             default:
                 commands.put(transportType.name(), CHECK_DOCUMENTATION);
         }
+
+        if (commands.containsKey(MQTTS) && deviceConnectivityMqttSslCertService.getMqttSslCertificate() != null) {
+            commands.put(SERVER_CHAIN_PEM, deviceConnectivityMqttSslCertService.getMqttSslCertificate());
+        }
         return commands;
     }
 

dao/src/main/java/org/thingsboard/server/dao/device/TbDeviceConnectivitySslCertService.java

@@ -0,0 +1,21 @@
+/**
+ * Copyright © 2016-2023 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.dao.device;
+
+
+public interface TbDeviceConnectivitySslCertService {
+    String getMqttSslCertificate();
+}

dao/src/main/java/org/thingsboard/server/dao/util/DeviceConnectivityUtil.java

@@ -27,6 +27,7 @@ public class DeviceConnectivityUtil {
     public static final String MQTTS = "mqtts";
     public static final String COAP = "coap";
     public static final String COAPS = "coaps";
+    public static final String SERVER_CHAIN_PEM = "serverChainPem";
     public static final String CHECK_DOCUMENTATION = "Check documentation";
     public static final String JSON_EXAMPLE_PAYLOAD = "\"{temperature:25}\"";
 
@@ -74,7 +75,7 @@ public class DeviceConnectivityUtil {
     public static String getCoapClientCommand(String protocol, String host, String port, DeviceCredentials deviceCredentials) {
         switch (deviceCredentials.getCredentialsType()) {
             case ACCESS_TOKEN:
-                String client = COAPS.equals(protocol) ? "coap-client-openssl -v 9" : "coap-client";
+                String client = COAPS.equals(protocol) ? "coap-client-openssl" : "coap-client";
                 return String.format("%s -m POST %s://%s%s/api/v1/%s/telemetry -t json -e %s",
                         client, protocol, host, port, deviceCredentials.getCredentialsId(), JSON_EXAMPLE_PAYLOAD);
             default: