参考

1、添加依赖

  1. <!--客户端开发包-->
  2. <dependency>
  3.   <groupId>org.eclipse.milo</groupId>
  4.   <artifactId>sdk-client</artifactId>
  5.   <version>0.4.0</version>
  6. </dependency>
  7. <!--服务端开发包-->
  8. <dependency>
  9.   <groupId>org.eclipse.milo</groupId>
  10.   <artifactId>sdk-server</artifactId>
  11.   <version>0.4.0</version>
  12. </dependency>
  13. <!--证书解析相关-->
  14. <dependency>
  15.   <groupId>org.bouncycastle</groupId>
  16.   <artifactId>bcpkix-jdk15to18</artifactId>
  17.   <version>1.66</version>
  18. </dependency>

2、创建证书类

因为opcua client 和服务器连接通信 必须需要证书,所以提供一个创建数字证书的类

  1. public class KeyStoreLoader {
  2.     private final Logger logger = LoggerFactory.getLogger(getClass());
  4.     private static final Pattern IP_ADDR_PATTERN = Pattern.compile(
  5.             "^(([01]?\\d\\d?|2[0-4]\\d|25[0-5])\\.){3}([01]?\\d\\d?|2[0-4]\\d|25[0-5])$");
  7.     // 证书别名
  8.     private static final String CLIENT_ALIAS = "opcua-client";
  9.     // 获取私钥的密码
  10.     private static final char[] PASSWORD = "password".toCharArray();
  11.     // 证书对象
  12.     private X509Certificate clientCertificate;
  13.     // 密钥对对象
  14.     private KeyPair clientKeyPair;
  16.     /**
  17.      * @Author: 李孟帅
  18.      * @CreateTime: 2021/6/2 15:04
  19.      * @Description: 默认路径 存放证书的目录
  20.      */
  21.     public Path defaultPath() throws Exception {
  22.         Path crtDir = Paths.get(System.getProperty("user.home"), ".crt");
  23.         Files.createDirectories(crtDir);
  24.         if (!Files.exists(crtDir)) {
  25.             throw new Exception("unable to create certificate dir: " + crtDir);
  26.         }
  27.         return crtDir;
  28.     }
  30.     public KeyStoreLoader load() throws Exception {
  31.         return load(defaultPath());
  32.     }
  34.     public KeyStoreLoader load(Path baseDir) throws Exception {
  35.         // 创建一个使用`PKCS12`加密标准的KeyStore。KeyStore在后面将作为读取和生成证书的对象。
  36.         KeyStore keyStore = KeyStore.getInstance("PKCS12");
  37.         // PKCS12的加密标准的文件后缀是.pfx,其中包含了公钥和私钥。
  38.         // 而其他如.der等的格式只包含公钥,私钥在另外的文件中。
  39.         Path clientKeyStore = baseDir.resolve("opcua-client.pfx");
  41.         logger.info("Loading KeyStore at {}", clientKeyStore);
  42.         // 如果文件不存在则创建.pfx证书文件。
  43.         if (!Files.exists(clientKeyStore)) {
  44.             keyStore.load(null, PASSWORD);
  45.             // 用2048位的RAS算法。`SelfSignedCertificateGenerator`为Milo库的对象。
  46.             KeyPair keyPair = SelfSignedCertificateGenerator.generateRsaKeyPair(2048);
  47.             // `SelfSignedCertificateBuilder`也是Milo库的对象,用来生成证书。
  48.             // 中间所设置的证书属性可以自行修改。
  49.             SelfSignedCertificateBuilder builder = new SelfSignedCertificateBuilder(keyPair)
  50.                     .setCommonName("Eclipse Milo Example Client")
  51.                     .setOrganization("digitalpetri")
  52.                     .setOrganizationalUnit("dev")
  53.                     .setLocalityName("Folsom")
  54.                     .setStateName("CA")
  55.                     .setCountryCode("US")
  56.                     .setApplicationUri("urn:eclipse:milo:examples:client")
  57.                     .addDnsName("localhost")
  58.                     .addIpAddress("127.0.0.1");
  60.             // Get as many hostnames and IP addresses as we can listed in the certificate.
  61.             for (String hostname : HostnameUtil.getHostnames("0.0.0.0")) {
  62.                 if (IP_ADDR_PATTERN.matcher(hostname).matches()) {
  63.                     builder.addIpAddress(hostname);
  64.                 } else {
  65.                     builder.addDnsName(hostname);
  66.                 }
  67.             }
  68.             // 创建证书
  69.             X509Certificate certificate = builder.build();
  70.             // 设置对应私钥的别名,密码,证书链
  71.             keyStore.setKeyEntry(CLIENT_ALIAS, keyPair.getPrivate(), PASSWORD, new X509Certificate[]{certificate});
  72.             try (OutputStream out = Files.newOutputStream(clientKeyStore)) {
  73.                 // 保存证书到输出流
  74.                 keyStore.store(out, PASSWORD);
  75.             }
  76.         } else {
  77.             try (InputStream in = Files.newInputStream(clientKeyStore)) {
  78.                 // 如果文件存在则读取
  79.                 keyStore.load(in, PASSWORD);
  80.             }
  81.         }
  82.         // 用密码获取对应别名的私钥。
  83.         Key clientPrivateKey = keyStore.getKey(CLIENT_ALIAS, PASSWORD);
  84.         if (clientPrivateKey instanceof PrivateKey) {
  85.             // 获取对应别名的证书对象。
  86.             clientCertificate = (X509Certificate) keyStore.getCertificate(CLIENT_ALIAS);
  87.             // 获取公钥
  88.             PublicKey serverPublicKey = clientCertificate.getPublicKey();
  89.             // 创建Keypair对象。
  90.             clientKeyPair = new KeyPair(serverPublicKey, (PrivateKey) clientPrivateKey);
  91.         }
  92.         return this;
  93.     }
  96.     public X509Certificate getClientCertificate() {
  97.         return clientCertificate;
  98.     }
  100.     public KeyPair getClientKeyPair() {
  101.         return clientKeyPair;
  102.     }
  103. }

第一次因为没有证书和密钥,所以可能比较慢,第二次不需要创建了,直接获取,速度比较快

3、创建OpcUaClient

  1. package com.lms.opcua.eclipse.milo;
  3. import org.eclipse.milo.opcua.sdk.client.OpcUaClient;
  4. import org.eclipse.milo.opcua.sdk.client.api.identity.AnonymousProvider;
  5. import org.eclipse.milo.opcua.sdk.client.api.identity.UsernameProvider;
  6. import org.eclipse.milo.opcua.sdk.client.api.nodes.Node;
  7. import org.eclipse.milo.opcua.sdk.client.api.subscriptions.UaMonitoredItem;
  8. import org.eclipse.milo.opcua.sdk.client.api.subscriptions.UaSubscription;
  9. import org.eclipse.milo.opcua.stack.client.security.ClientCertificateValidator;
  10. import org.eclipse.milo.opcua.stack.core.AttributeId;
  11. import org.eclipse.milo.opcua.stack.core.Identifiers;
  12. import org.eclipse.milo.opcua.stack.core.types.builtin.DataValue;
  13. import org.eclipse.milo.opcua.stack.core.types.builtin.LocalizedText;
  14. import org.eclipse.milo.opcua.stack.core.types.builtin.NodeId;
  15. import org.eclipse.milo.opcua.stack.core.types.builtin.Variant;
  16. import org.eclipse.milo.opcua.stack.core.types.builtin.unsigned.UInteger;
  17. import org.eclipse.milo.opcua.stack.core.types.enumerated.MessageSecurityMode;
  18. import org.eclipse.milo.opcua.stack.core.types.enumerated.MonitoringMode;
  19. import org.eclipse.milo.opcua.stack.core.types.enumerated.NodeClass;
  20. import org.eclipse.milo.opcua.stack.core.types.enumerated.TimestampsToReturn;
  21. import org.eclipse.milo.opcua.stack.core.types.structured.MonitoredItemCreateRequest;
  22. import org.eclipse.milo.opcua.stack.core.types.structured.MonitoringParameters;
  23. import org.eclipse.milo.opcua.stack.core.types.structured.ReadValueId;
  25. import java.util.ArrayList;
  26. import java.util.List;
  27. import java.util.concurrent.CompletableFuture;
  28. import java.util.concurrent.ExecutionException;
  29. import java.util.concurrent.TimeUnit;
  31. import static org.eclipse.milo.opcua.stack.core.types.builtin.unsigned.Unsigned.uint;
  33. /**
  34.  * @Author: 李孟帅
  35.  * @CreateTime: 2021/6/2$ 11:47$
  36.  * @Description: TODO
  37.  */
  39. public class Test {
  40.     static String kepServerEndpoint = "opc.tcp://127.0.0.1:49320";
  41.     static String endpoint = "opc.tcp://127.0.0.1:53530/OPCUA/SimulationServer";
  43.     private List<NodeId> nodeIds = new ArrayList<>();
  45.     private OpcUaClient opcUaClient;
  47.     {
  48.         try {
  49.             // 获取证书和密钥对类
  50.             KeyStoreLoader loader = new KeyStoreLoader().load();
  51.             // 匿名访问
  52.             AnonymousProvider anonymousProvider = new AnonymousProvider();
  53.             UsernameProvider usernameProvider = new UsernameProvider("lms", "lms123");
  54.             // 创建客户端,配置参数
  56.             opcUaClient = OpcUaClient.create(kepServerEndpoint
  57.                     , endpoints -> endpoints.stream()
  58.                             .filter(e -> e.getSecurityMode() == MessageSecurityMode.None)
  59.                             .findFirst()
  60.                     , configBuilder ->
  61.                             configBuilder
  62.                                     .setApplicationName(LocalizedText.english("eclipse milo opc-ua client")) // 任意写
  63.                                     .setApplicationUri("urn:eclipse:milo:examples:client")  // 需要和生成证书时保持一致,不然报错
  64.                                     .setCertificate(loader.getClientCertificate())
  65.                                     .setKeyPair(loader.getClientKeyPair())
  66.                                     .setIdentityProvider(usernameProvider)
  67.                                     .setRequestTimeout(uint(5000))
  68.                                     .setKeepAliveFailuresAllowed(UInteger.MIN)
  69.                                     .setCertificateValidator(new ClientCertificateValidator.InsecureValidator())
  70.                                     .build());
  71.             // 连接,设置超时5秒
  73.             opcUaClient.connect().get(5, TimeUnit.SECONDS);
  74.         } catch (Exception e) {
  75.             e.printStackTrace();
  76.         }
  77.     }
  79.     public static void main(String[] args) throws Exception {
  80.         // new Test().daTest();
  81.         new Test().subscribeNode();
  83.         Thread.sleep(1000000000);
  84.     }
  86.     public void daTest() throws Exception {
  89.         // String nodeId = "ns=5;s=85/0:Simulation";
  90.         // Node rootNode = opcUaClient.getAddressSpace().getNodeInstance(NodeId.parse(nodeId)).get();
  91.         // assemble(rootNode);
  94.         List<Node> nodes = opcUaClient.getAddressSpace().browse(Identifiers.RootFolder).get();
  95.         for (Node node : nodes) {
  96.             if (node.getBrowseName().get().getName().equals("Objects")) {
  97.                 assemble(node);
  98.             }
  99.         }
  100.         readValues();
  102.         System.out.println("NodeId 的个数:" + nodeIds.size());
  105.     }
  107.     private void assemble(Node node) {
  108.         try {
  109.             List<Node> nodes = opcUaClient.getAddressSpace().browseNode(node).get();
  110.             for (Node node1 : nodes) {
  111.                 // 递归读取所有点叶子节点,Variable也可能有子节点
  112.                 if (node1.getNodeClass().get() == NodeClass.Variable) {
  113.                     nodeIds.add(node1.getNodeId().get());
  114.                     // System.out.println("NodeName = " + node1.getBrowseName().get().getName() + "  NodeId = " + node1.getNodeId().get());
  115.                 }
  116.                 assemble(node1);
  118.             }
  119.         } catch (InterruptedException | ExecutionException e) {
  120.             try {
  121.                 System.out.println("异常信息:" + "NodeName = " + node.getBrowseName().get().getName() + "  NodeId = " + node.getNodeId().get());
  122.             } catch (InterruptedException | ExecutionException ex) {
  123.                 ex.printStackTrace();
  124.             }
  125.             e.printStackTrace();
  126.         }
  127.     }
  129.     public void readValues() {
  130.         CompletableFuture<List<DataValue>> dataFuture = opcUaClient.readValues(0, TimestampsToReturn.Both, nodeIds);
  131.         dataFuture.thenAccept(dataValues -> {
  132.             dataValues.forEach(dataValue -> {
  133.                 Variant value = dataValue.getValue();
  134.                 System.out.println(value + " ===> " + dataValue.getValue().getValue());
  135.             });
  136.         });
  137.         // 该线程是守护线程,没有前台线程时,会直接结束,所以需要让其执行完
  138.         dataFuture.join();
  139.     }
  141.     public void subscribeNode() throws ExecutionException, InterruptedException {
  142.         //创建发布间隔1000ms的订阅对象
  143.         UaSubscription subscription = opcUaClient.getSubscriptionManager().createSubscription(1000.0).get();// 请求间隔,一秒请求一次,如果数据变化了,不请求也获取不到数据
  145.         //创建订阅的变量
  146.         NodeId nodeId = new NodeId(2, "channel1.device1.tag1");
  147.         ReadValueId readValueId = new ReadValueId(nodeId, AttributeId.Value.uid(), null, null);
  149.         //创建监控的参数
  150.         MonitoringParameters parameters = new MonitoringParameters(
  151.                 uint(1),
  152.                 1000.0,     // sampling interval,采样的周期,数据变化时 一秒采集一次,如果数据没有变化,不会采集
  153.                 null,       // filter, null means use default
  154.                 uint(10),   // queue size
  155.                 true        // discard oldest
  156.         );
  158.         //创建监控项请求
  159.         //该请求最后用于创建订阅。
  160.         MonitoredItemCreateRequest request = new MonitoredItemCreateRequest(readValueId, MonitoringMode.Reporting, parameters);
  162.         List<MonitoredItemCreateRequest> requests = new ArrayList<>();
  163.         requests.add(request);
  165.         //创建监控项,并且注册变量值改变时候的回调函数。
  166.         List<UaMonitoredItem> items = subscription.createMonitoredItems(
  167.                 TimestampsToReturn.Both,
  168.                 requests,
  169.                 (item, id) -> {
  170.                     item.setValueConsumer((item1, value) -> {
  171.                         System.out.println("nodeId :" + item1.getReadValueId().getNodeId());
  172.                         System.out.println("value :" + value.getValue().getValue());
  173.                     });
  174.                 }
  175.         ).get();
  176.     }
  178. }

需要注意的点:
1、安全策略一般默认为None,表示通信不签名不加密
2、安全策略如果为Sign或SignAndEncrypt表示通信需要签名或签名并加密 ,服务器需要将客户端的数字证书添加到信任表中,才可以连接成功,注意设置客户端参数时ApplicationUri需要和生成证书时一致