OPC UA 开源库编译方法及通过OPC UA连接西门S7-1200 PLC通信并进行数据交换[一]

前言

在现代工业自动化领域，OPC UA（开放性生产控制和统一架构）是一种广泛应用的通信协议。本文将以通俗易懂的方式解释OPC UA的含义和作用，帮助读者更好地理解这一概念。

一、OPC UA的定义

OPC UA全称为“开放性生产控制和统一架构”。简单来说，它是一种用于不同设备和系统之间进行通信的技术规范。通过OPC UA，各种设备和系统可以互相交流和共享数据，实现更高效的工业自动化。

二、为什么需要OPC UA？

在过去，不同厂商生产的设备使用不同的通信协议，导致设备之间难以互相沟通。这给工业自动化带来了许多挑战，比如数据集成困难、系统复杂等。OPC UA应运而生，解决了这些问题，带来了许多好处：

1. 开放性：OPC UA是一种开放的技术标准，可以应用于不同的设备和系统。无论是传感器、控制器还是各种工业设备，只要支持OPC UA，它们就可以相互通信，实现无缝集成。

2. 统一架构：OPC UA提供了一种统一的架构和数据模型，使得不同设备的数据能够以统一的方式进行表示和交换。这样一来，设备之间的数据传输变得更加简单和可靠。

3. 跨平台和跨语言：OPC UA支持多种操作系统和编程语言。无论是Windows、Linux还是嵌入式系统，无论是C++、Java还是Python，都可以使用OPC UA进行通信，降低了集成的复杂性。

4. OPC UA 编译说明：OPC UA 编译和连接PLC的过程非常枯燥和繁琐，文章计划采用2个章节进行介绍，首先介绍OPC UA的编译过程及Uaexpert连接西门子S7-1200PLC的方法和通过OPC UA 编译库连接S7-1200PLC的测试过程。

OPC UA 工具软件Uaexpert

Uaexpert测试软件可到官方网站下载，下载链接如下。

https://www.unified-automation.com/products/development-tools/uaexpert.htmlhttps://www.unified-automation.com/products/development-tools/uaexpert.html

OPC UA开源库下载

OPC UA 开源库下载可到官方网站下载相关的SDK，连接如下所示。

https://www.unified-automation.com/downloads/opc-ua-development.htmlhttps://www.unified-automation.com/downloads/opc-ua-development.html

下载完成后将文件解压后如下图所示。其中包含了三方依赖库、Cmake编译文件、Lib文件、.h文件和.dll文件等。

OPC UA开源库编译

以下为OPC UA开源库官方给出的编译说明，这个必须要认真阅读，里面包含大量的信息，如果步骤不对会导致编译失败。

Unified Automation C++ based UA SDK for Windows
Content
(0) Compiler version
(1) Third-Party Libraries
(2) Release notes
(3) Feature list

===================================================================
(0) Compiler version for binary editions
===================================================================

The SDK was compiled with Microsoft(TM) Visual Studio and thus depends
on the runtime components (CRT) of the corresponding MS Visual Studio.

You SHOULD NOT mix this SDK binaries with other MS Visual Studio versions,
because your application will end up in loading two different CRT Dlls,
which results in two different heaps.
Mixing heaps will lead to application crashes, when trying to
free memory that was allocated by another heap.

Either download an evaluation version for your Visual Studio version
or obtain the Source Edition to be able to consistently compile the
package with your compiler version.

===================================================================
(1) Third-Party Libraries
===================================================================

The UA SDK requires a number of third-party libraries that
are used to provide certain features.
Third Party Software may impose additional restrictions and it is
the user's responsibility to ensure that they have met the licensing
requirements of the according libraries.
The following enumeration lists all third-party libraries used by the
UA SDK with additional information about version, configuration
and used licenses.
The third-party licenses are stored in the license folder distributed
with the SDK.

* OpenSSL

To build the SDK with UA Security enabled the OpenSSL crypto
library must be installed including the development headers.
To avoid building OpenSSL from source ready-to-use Windows
installers are available from:
[https://slproweb.com/products/Win32OpenSSL.html]

The SDK supports OpenSSL version 1.1.1 and 3.0.

Note that you need to use the full installer, not the "Light"
version, as the "Light" version does not include the development
headers. Also make sure to select the 32bit or 64bit variant
according to how you build the SDK.

When using the installer, CMake is able to autodetect the installed
OpenSSL version and will automatically enable security.

The CMake output shows you the active configuration.
Watch for this output:

...
-- OpenSSL found (1.1.1s)
-- ### Summary of build options:
-- CMAKE_BUILD_TYPE Debug
...
-- BUILD_LIBUACRYPTO ON
-- BUILD_LIBUAPKI ON
-- BUILD_LIBUASECONV ON
...

* Libxml2

Libxml2 is the XML C parser and toolkit developed for the Gnome
project (but usable outside of the Gnome platform), it is free
software available under the MIT License. XML itself is a
metalanguage to design markup languages, i.e. text language where
semantic and structure are added to the content using
extra "markup" information enclosed between angle brackets.
HTML is the most well-known markup language. Though the library
is written in C a variety of language bindings make it available
in other environments.

A pre-compiled version of Libxml2 is contained in the third-party folder

Home: http://www.xmlsoft.org/
License: MIT License

===================================================================
(2) Release notes
===================================================================

(2a) PubSub functionality

===================================================================

With version 1.7 of the C++ SDK, PubSub related modules were added to the
SDK. See the file CHANGELOG for a list of SDK modules. The PubSub related
modules are part of a new product edition 'Client Server PubSub SDK Bundle'.
A upgrade is required if you have a 'Client SDK' or 'Client Server SDK Bundle'.

The PubSub functionality contained in version 1.8 is based on
OPC UA 1.05.02 Part 14 - PubSub released in November 2022.

The implementation was tested with other implementations in OPC UA working group
PubSub plug-fest events and OPC Foundation interoperability workshops.

Version 1.8.0 adds support for PubSub UADP message security and the new
OPC UA 1.05 PubSubConfiguration object. See the migration guide in the SDK
documentation and the CHANGELOG for more details.

Version 1.8 implements the PubSub UADP message mapping.
Version 1.8 does NOT support PubSub JSON message mapping.

Known technical limitations for UADP message mapping are
- Event DataSetMessages are not supported
- Delta DataSetMessages are not supported
- Discovery messages are not supported
- Chunk NetworkMessages are not supported
- Dynamic number of NetworkMessages is not supported
- DataSetMessage fields with ValueRank > 1 are not supported in raw field encoding
- DataSetMessage fields with Structure DataTypes are not supported
See CHANGELOG for more details.

Version 1.8 implement the PubSub UDP transport protocol mapping.
Version 1.8 does not implement other transport protocol mappings but
provides a network back-end interface for application specific implementation
of other transport protocol mappings like MQTT and Ethernet.
Sample code for a MQTT network back-end is part of the demo server sample code.

(2b) Security Policies

===================================================================

The OPC UA Specification version 1.04 released end of 2017 deprecated
the security policy Basic256 and added the two new security policies
Aes128_Sha256_RsaOaep and Aes256_Sha256_RsaPss.
The security policy Basic128Rsa15 was already deprecated before.

It is strongly recommended to disable Basic128Rsa15 and Basic256 in the
OPC UA server configuration and to allow only Basic256Sha256,
Aes128_Sha256_RsaOaep and Aes256_Sha256_RsaPss.
A server administrator may be able to activate Basic128Rsa15 and Basic256
for backward compatibility but the user must be warned about the deprecated
status of these security policies.

(2c) OPC UA Compliance Testing
===================================================================
We are following the OPC UA compliance and certification efforts of
the OPC Foundation as close as possible. We participated in all UA plug fest
events and most of the OPC interoperability events as first available step.

We have tested the C++ demo server contained in this SDK release with the
released OPC UA compliance test tool (CTT) version 1.04.11-01.00.502. There are few
known issues with this compliance test version.

Issues in the CTT test scripts:
All of them are already reported to the Compliance Working Group.
* Base Info Core Structure - 001:
The CTT throws an error with
ConditionType -> ConditionSubClassId [NOT FOUND] REQUIRED
ConditionType -> ConditionSubClassName [NOT FOUND] REQUIRED
The CTT is using the latest OPC UA 1.04 UANodeSets,
However, the C++ SDK was updated to OPC UA 1.05.02 UANodeSet.
The NodeIds of the ConditionSubClassId and ConditionSubClassName
is updated in the OPC UA 1.05.02 UANodeSet.
In OPC UA 1.04 UANodeSets:
ConditionType -> ConditionSubClassId: NodeId="i=16363"
ConditionType -> ConditionSubClassName: NodeId="i=16364"
In OPC UA 1.05.02 UANodeSet:
ConditionType -> ConditionSubClassId: NodeId="i=11112"
ConditionType -> ConditionSubClassName: NodeId="i=11113"

* Base Info ValueAsText - 002:
The CTT sends the ReadRequest with NULL NodesToRead array,
and the server responds with BadNothingToDo.
The issue is already reported and created a mantis issue
https://mantis.opcfoundation.org/view.php?id=8459

* Subscription Durable - Err-004
The expected results in the script are incorrect
ServiceResults=Good
OperationResults=BadTypeMismatch
However, the results should be
ServiceResults=Good
OperationResults=BadInvalidArgument
InputArgumentResults=BadTypeMismatch
The issue is already reported and created a mantis issue
https://mantis.opcfoundation.org/view.php?id=9007

* Auditing Base - AOSCET-004, AOSCET-005
The AuditEntryId should be the Client's IP Address and port.
However, the CTT doesn't follow the specification.
The issue is already reported and created a mantis issue
https://mantis.opcfoundation.org/view.php?id=8978

When the UA CTT is installed it generates a number of certificates used for the
tests. These certificates of course have a limited validity i.e. they expire
after a certain time. This is one year for the issued certificates and 5 years
for the CA certificates and CRLs (Certificate Revocation Lists).
So one year after installing the UA CTT you typically get errors for tests in the
conformance group "Security"

The OPC Test Lab Certification of C++ demo server contained in this SDK
was successfully finished with version 1.6.0 of the SDK.

The test results with your own server implementation may have compliance
issues based on different SDK implementation options used. Issues can also
be caused by different timing.

We will provide regular updates to the SDK after the availability
of new OPC UA compliance test tool versions.

(2d) Protocol binding HTTPS with UA Binary Encoding
===================================================================

The OPC UA stack version used in the C++ SDK version 1.7.0 supports the
protocol binding HTTPS with UA Binary Encoding. The protocol binding can be
activated through configuration options.

However this part of the SDK is not released since the level of testing
and adoption is not high enough, even if there are no known open issues.

===================================================================
(3) Feature list
===================================================================

For a detailed change log see the file CHANGELOG in your SDK download section.

Version 1.8.0
===================================================================
Major features added in this version

Support for OPC UA 1.05.02 features
* Alarm model updated to 1.05.02
* PubSub configuration updated to 1.05.02 (see PubSub for more details)
* UserManagement object (OPC UA Part 18) - see also User Authentication

PubSub Release
* Change of PubSub functionality from beta to release
* Full implementation of PubSub UADP message security
* Support for SecurityGroup and PubSub security key management
* Support for SetSecurityKeys to accept PubSub security key Push
* Support for GetSecurityKeys to provide PubSub keys to other applications
* Support for PubSub security key pull using GetSecurityKeys on a SKS
* Support for configuration read and write using PubSubConfiguration object

User Authentication and Authorization
* Complete integrated handling of User Authentication and Authorization
* Persistence of Roles and IdentityMapping in XML or INI file for on-line configuration
* User and password management file
* On-line configuration of users and passwords with UserManagement object

Other enhancements
* Support for OpenSSL 3.0
OpenSSL 1.1.1 is still supported
Older OpenSSL version are no longer supported

* Add shared DataTypeDictionary in Server SDK

* Enable shared library build for PubSub related modules

* Add general SDK library Interface
- Add interface UaSdkClientLibraryInterface
Used to handle general initialization and clean-up in base modules without
creating dependencies to special modules or between modules like client and server
- Add implementation for each SDK module (uabasecpp, uaclient, coremodule, uamodule
pubsubmodule)
- Implement SKS pull in client library interface for use in PubSub module without
adding dependency between PubSubModule and UaClient)
- Use for special handling of PubSubModule start-up and shut-down without creating
dependency in server CoreModule
- UaAbstractApplication manages list of libraries including initializeLibraries()
and cleanUpLibraries()

* Update minimum required CMake version
- bundle / client requires 3.7
- bundlepubsub requires 3.12
- using OpenSSL 3.0 requires 3.18

See CHANGELOG for details.

Versions 1.7.x and older
See CHANGELOG for details.

OpenSSL

以上OPC UA开源库编译说明中有一段话非常重要：“ The SDK supports OpenSSL version 1.1.1 and 3.0.”是说OPC UA SDK 需要OpenSSL 3.0版本支持。OpenSSL又是什么东西呢？OpenSSL其实是一个加密开源库包含大量的加密和签名算法。

OpenSSL是一个基于密码学的安全开发包，OpenSSL提供的功能相当强大和全面，囊括了主要的密码算法、常用的密钥和证书封装管理功能以及SSL协议，并提供了丰富的应用程序供测试或其它目的使用。
1.对称加密算法
OpenSSL一共提供了8种对称加密算法，其中7种是分组加密算法，仅有的一种流加密算法是RC4。这7种分组加密算法分别是AES、DES、Blowfish、CAST、IDEA、RC2、RC5，都支持电子密码本模式（ECB）、加密分组链接模式（CBC）、加密反馈模式（CFB）和输出反馈模式（OFB）四种常用的分组密码加密模式。其中，AES使用的加密反馈模式（CFB）和输出反馈模式（OFB）分组长度是128位，其它算法使用的则是64位。事实上，DES算法里面不仅仅是常用的DES算法，还支持三个密钥和两个密钥3DES算法。
2.非对称加密算法
OpenSSL一共实现了4种非对称加密算法，包括DH算法、RSA算法、DSA算法和椭圆曲线算法（EC）。DH算法一般用户密钥交换。RSA算法既可以用于密钥交换，也可以用于数字签名，当然，如果你能够忍受其缓慢的速度，那么也可以用于数据加密。DSA算法则一般只用于数字签名。
3.信息摘要算法
OpenSSL实现了5种信息摘要算法，分别是MD2、MD5、MDC2、SHA（SHA1）和RIPEMD。SHA算法事实上包括了SHA和SHA1两种信息摘要算法，此外，OpenSSL还实现了DSS标准中规定的两种信息摘要算法DSS和DSS1。
4.密钥和证书管理
密钥和证书管理是PKI的一个重要组成部分，OpenSSL为之提供了丰富的功能，支持多种标准。
首先，OpenSSL实现了ASN.1的证书和密钥相关标准，提供了对证书、公钥、私钥、证书请求以及CRL等数据对象的DER、PEM和BASE64的编解码功能。OpenSSL提供了产生各种公开密钥对和对称密钥的方法、函数和应用程序，同时提供了对公钥和私钥的DER编解码功能。并实现了私钥的PKCS#12和PKCS#8的编解码功能。OpenSSL在标准中提供了对私钥的加密保护功能，使得密钥可以安全地进行存储和分发。
在此基础上，OpenSSL实现了对证书的X.509标准编解码、PKCS#12格式的编解码以及PKCS#7的编解码功能。并提供了一种文本数据库，支持证书的管理功能，包括证书密钥产生、请求产生、证书签发、吊销和验证等功能。
事实上，OpenSSL提供的CA应用程序就是一个小型的证书管理中心（CA），实现了证书签发的整个流程和证书管理的大部分机制。
5.SSL和TLS协议
SSL(Secure Sockets Layer 安全套接层)是一种基于Web应用的安全通信协议，最早由Netscape（网景）公司提出。SSL介于TCP协议和应用层协议之间，主要作用就是将HTTP、FTP等应用层的数据进行加密然后依托可靠的TCP协议在互联网上传输到目的地，其中最典型的应用就是https。

SSL提供3个基本的安全服务：

1）身份合法性：数据发送方和接收方要确认彼此身份，要确保各自的身份不会被冒充。(通过数字证书实现)

2）数据机密性：所有传输的数据都进行加密，并且要确保即使数据被截获也无法破解。(通过非对称或对称加密加密算法实现)

3）数据完整性：确保收到的数据与发送方发出的数据一致，没有被篡改。(通过MAC算法实现)

SSL协议主要采用的数据加密算法：

1）非对称加密算法：数据加密和解密使用不同的密钥，如RSA公钥加密算法。优点是安全级别高，很难被破解；缺点是加密解密的速度慢，因此只适用于小量数据的加密。SSL协议采用非对称加密算法实现数字签名，验证数据发送方（或接收方）的身份，同时也用非对称加密算法交换密钥（用于数据加密的对称加密算法的密钥，以及用于数据完整性验证的MAC算法）。

2）对称加密算法：数据加密和解密使用同一个密钥，如DES、3DES、RC4等都是对称加密算法。优点是加解密速度快，适用于大数据量的加密，但安全性较差。SSL协议采用对称加密算法对传输的数据进行加密。

3）MAC算法：Message Authentication Codes，即消息认证码算法，MAC含有密钥散列函数算法，兼容了MD和SHA算法的特性，并在此基础上加入了密钥。SSL协议采用MAC算法来检验消息的完整性。

OpenSSL下载

OPC UA 说明文件中给出了相关的下载连接如下所示。

https://slproweb.com/products/Win32OpenSSL.htmlhttps://slproweb.com/products/Win32OpenSSL.html

也可以到如下地址进行下载。

https://www.openssl.org/https://www.openssl.org/

本人是通过官方给出的连接进行的下载，如下图所示，OpenSSL 下载后安装即可。

Cmake编译工具下载

官方网站地址如下：老外搞得东西我们也就不问为什么要这么做，肯定有人家的道理，我们作为应用者有时候没得选择。

https://cmake.org/https://cmake.org/

OPC UA编译

选择好OPC UA 资源文件目录和输出文件目录后在工具栏tool中选择Generate进行编译即可，编译没有错误的话可以恭喜你编译成功了。

编译完成后输出文件如下图所示，我们所需要的资源都在examples文件夹里面。

例如我们打开client_cpp_sdk文件夹就会看到编译后的解决方案工程文件及其他相关文件，如下图所示。

OPC UA开源库项目结构

打开编译完成的项目文件以client_cpp_sdk项目为例。如下图所示在项目属性中可以看出项目引用的资源文件及其头文件、依赖库等。

1、头文件,头文件中可以看到CMake编译完成后包含了以下目录的头文件。

C:\Program Files\OpenSSL-Win64\include
F:\XXX\L_Visio自动化工程\L_C++Demo\OPCUA\uasdkcppbundlepubsub-bin-EVAL-windows-x64-vs2015-v1.8.2-624\uasdkcppbundlepubsub-bin-EVAL-vs2015_x64-v1.8.2-624\cmake\..\include\uastack
F:\XXX\L_Visio自动化工程\L_C++Demo\OPCUA\uasdkcppbundlepubsub-bin-EVAL-windows-x64-vs2015-v1.8.2-624\uasdkcppbundlepubsub-bin-EVAL-vs2015_x64-v1.8.2-624\cmake\..\include\uabasecpp
F:\XXX\L_Visio自动化工程\L_C++Demo\OPCUA\uasdkcppbundlepubsub-bin-EVAL-windows-x64-vs2015-v1.8.2-624\uasdkcppbundlepubsub-bin-EVAL-vs2015_x64-v1.8.2-624\cmake\..\include\uapkicpp
F:\XXX\L_Visio自动化工程\L_C++Demo\OPCUA\uasdkcppbundlepubsub-bin-EVAL-windows-x64-vs2015-v1.8.2-624\uasdkcppbundlepubsub-bin-EVAL-vs2015_x64-v1.8.2-624\cmake\..\include\uaclientcpp
F:\XXX\L_Visio自动化工程\L_C++Demo\OPCUA\uasdkcppbundlepubsub-bin-EVAL-windows-x64-vs2015-v1.8.2-624\uasdkcppbundlepubsub-bin-EVAL-vs2015_x64-v1.8.2-624\cmake\..\include\xmlparsercpp
F:\XXX\L_Visio自动化工程\L_C++Demo\OPCUA\uasdkcppbundlepubsub-bin-EVAL-windows-x64-vs2015-v1.8.2-624\uasdkcppbundlepubsub-bin-EVAL-vs2015_x64-v1.8.2-624\examples\client_cpp_sdk\..\utilities
F:\XXX\L_Visio自动化工程\L_C++Demo\OPCUA\uasdkcppbundlepubsub-bin-EVAL-windows-x64-vs2015-v1.8.2-624\uasdkcppbundlepubsub-bin-EVAL-vs2015_x64-v1.8.2-624\examples\client_cpp_sdk\..\utilities\win32
%(AdditionalIncludeDirectories)

2、Lib文件,lib文件中可以看到CMake编译完成后包含了以下目录的lib依赖库文件。

uaclientcpp.lib
uapkicpp.lib
uabasecpp.lib
xmlparsercpp.lib
uastack.lib
F:\XXX\L_Visio自动化工程\L_C++Demo\OPCUA\uasdkcppbundlepubsub-bin-EVAL-windows-x64-vs2015-v1.8.2-624\uasdkcppbundlepubsub-bin-EVAL-vs2015_x64-v1.8.2-624\third-party\win64\vs2019\libxml2\out32dll\libxml2.lib
C:\Program Files\OpenSSL-Win64\lib\VC\libssl64MD.lib
C:\Program Files\OpenSSL-Win64\lib\VC\libcrypto64MD.lib
ws2_32.lib
mpr.lib
kernel32.lib
user32.lib
gdi32.lib
winspool.lib
shell32.lib
ole32.lib
oleaut32.lib
uuid.lib
comdlg32.lib
advapi32.lib