Merge tag 'v0.9.4' into open62541-integration

Release (work in progress) 0.9.4

.github/workflows/ci-build.yml

@@ -5,7 +5,7 @@
 
 # Set the 'name:' properties to values that work for you
 
-name: opcua
+name: opcua build and end-to-end test
 
 # Trigger on pushes and PRs to any branch
 on:
@@ -21,6 +21,7 @@ env:
   MODULES: "gtest"
   GTEST: "v1.0.1"
   BASE_HOOK: ".ci-local/base.patch"
+  BASE_RECURSIVE: NO
   encrypted_178ee45b7f75_pass: ${{ secrets.encrypted_178ee45b7f75_pass }}
 
 jobs:
@@ -80,7 +81,7 @@ jobs:
             name: "3.15 Ub-20 SDK-1.7.2"
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
       with:
         submodules: true
     - name: Prepare and compile dependencies
@@ -93,3 +94,13 @@ jobs:
       run: python .ci/cue.py test
     - name: Collect and show test results
       run: python .ci/cue.py test-results
+    - name: Install end2end test dependencies
+      run: |
+        sudo apt-get update
+        sudo apt-get -y install libfaketime faketime
+        sudo pip3 install pytest opcua pyepics
+        sudo pip3 install run-iocsh -i https://artifactory.esss.lu.se/artifactory/api/pypi/pypi-virtual/simple
+    - name: Run end2end tests
+      run: |
+        python .ci/cue.py exec make -C end2endTest/server
+        python .ci/cue.py exec pytest -v end2endTest/opcua_test_cases.py

.gitignore

@@ -23,6 +23,8 @@ envPaths
 
 O.*/
 /QtC-*
+/.qtc_*
+.idea/
 *.orig
 *.log
 /devOpcuaSup/.vs/devOpcuaSup/v16

.travis.yml

@@ -20,6 +20,7 @@ env:
     - MODULES=gtest
     - GTEST=v1.0.0
     - BASE_HOOK=.ci-local/base.patch
+    - BASE_RECURSIVE=NO
 
 addons:
   apt:

README.md

@@ -1,7 +1,7 @@
 <a target="_blank" href="http://semver.org">![Version][badge.version]</a>
-<a target="_blank" href="https://travis-ci.com/ralphlange/opcua">![Travis status][badge.travis]</a>
-<a target="_blank" href="https://github.com/ralphlange/opcua/actions/workflows/ci-build.yml">![GitHub Actions status][badge.gha]</a>
-<a target="_blank" href="https://www.codacy.com/app/ralphlange/opcua">![Codacy grade][badge.codacy]</a>
+<a target="_blank" href="https://app.travis-ci.com/github/epics-modules/opcua">![Travis status][badge.travis]</a>
+<a target="_blank" href="https://github.com/epics-modules/opcua/actions/workflows/ci-build.yml">![GitHub Actions status][badge.gha]</a>
+<a target="_blank" href="https://www.codacy.com/gh/epics-modules/opcua/dashboard?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=epics-modules/opcua&amp;utm_campaign=Badge_Grade">![Codacy grade][badge.codacy]</a>
 
 # opcua - EPICS Device Support for OPC UA
 
@@ -96,10 +96,17 @@ features.
 The [Cheat Sheet][cheatsheet.pdf] explains the configuration in the startup
 script and the database links.
 
+## Binaries
+
+Please look at the "Assets" sections of specific releases on the
+[release page](https://github.com/epics-modules/opcua/releases) for binaries.
+These are fully functional and contain the Unified Automation Client SDK. They
+can be used without limitations and without any fees.
+
 ## Feedback / Reporting issues
 
 Please use the GitHub project's
-[issue tracker](https://github.com/ralphlange/opcua/issues).
+[issue tracker](https://github.com/epics-modules/opcua/issues).
 
 ## Credits
 
@@ -115,13 +122,13 @@ This module is distributed subject to a Software License Agreement found
 in file LICENSE that is included with this distribution.
 
 <!-- Links -->
-[badge.version]: https://img.shields.io/github/v/release/ralphlange/opcua?sort=semver
-[badge.travis]: https://travis-ci.com/ralphlange/opcua.svg?branch=master
-[badge.codacy]: https://api.codacy.com/project/badge/Grade/65b1d28ca5e34a7d853d168f50beaafc
-[badge.gha]: https://github.com/ralphlange/opcua/actions/workflows/ci-build.yml/badge.svg
+[badge.version]: https://img.shields.io/github/v/release/epics-modules/opcua?sort=semver
+[badge.travis]: https://app.travis-ci.com/epics-modules/opcua.svg?branch=master
+[badge.codacy]: https://app.codacy.com/project/badge/Grade/ec0d53f8285249d394b3af067acf2ad4
+[badge.gha]: https://github.com/epics-modules/opcua/actions/workflows/ci-build.yml/badge.svg
 
 [unified.sdk]: https://www.unified-automation.com/products/client-sdk/c-ua-client-sdk.html
 
-[uasdk.dir]: https://github.com/ralphlange/opcua/tree/master/devOpcuaSup/UaSdk
-[requirements.pdf]: https://docs.google.com/viewer?url=https://raw.githubusercontent.com/ralphlange/opcua/master/documentation/EPICS%20Support%20for%20OPC%20UA%20-%20SRS.pdf
-[cheatsheet.pdf]: https://docs.google.com/viewer?url=https://raw.githubusercontent.com/ralphlange/opcua/master/documentation/EPICS%20Support%20for%20OPC%20UA%20-%20Cheat%20Sheet.pdf
+[uasdk.dir]: https://github.com/epics-modules/opcua/tree/master/devOpcuaSup/UaSdk
+[requirements.pdf]: https://docs.google.com/viewer?url=https://raw.githubusercontent.com/epics-modules/opcua/master/documentation/EPICS%20Support%20for%20OPC%20UA%20-%20SRS.pdf
+[cheatsheet.pdf]: https://docs.google.com/viewer?url=https://raw.githubusercontent.com/epics-modules/opcua/master/documentation/EPICS%20Support%20for%20OPC%20UA%20-%20Cheat%20Sheet.pdf

Using-Security.md

@@ -84,7 +84,7 @@ In the fully detailed form (using four arguments), the four locations are specif
 
 ### Client Certificate
 
-The iocShell command `setClientCertificate` sets the locations for the client certificate (PEM or DER format) and the matching private key (PEM format).
+The iocShell command `opcuaClientCertificate` sets the locations for the client certificate (PEM or DER format) and the matching private key (PEM format).
 
 ### Session Security Setting
 
@@ -150,10 +150,18 @@ The source tree contains an Xca certificate template that can be imported and mo
 
 For the IOC, save the certificate in DER or PEM format, the private key as PEM. The server may need different formats - refer to the documentation of your server for more details.
 
+A simple client certificate/key pair can also be created using the `openssl` command line utility, e.g.:
+
+```bash
+openssl req -x509 -newkey rsa:2048 -keyout private_key.pem -out cert.pem -sha256 -days 365 -nodes -addext "subjectAltName=URI:urn:<IOC>@<HOST>:EPICS:IOC,IP:<IP>"
+```
+
 ### Certificates and Network / DNS Setup
 
 The `URI:`, `DNS:` and `IP:` entries in the Subject Alternative Name section require the network and DNS to be set up correctly, otherwise the certificates will not work.
 
+This applies to both the IOC and the server. If any of the two uses a host name in its certificate that doesn't match the host name that the other side gets when doing a reverse lookup, the connection is likely to fail.
+
 The IOC uses the `gethostname()` result in the `URI:` entry, which might differ from its DNS host name that has to appear in the `DNS:` entry. Depending on your DNS setup, the host names in the `DNS:` entry need to be simple or fully qualified. Finding out the right way to set up your certificates may be frustrating and time consuming.
 
 ### Creating Identity Token Certificates

configure/CONFIG_OPCUA_VERSION

@@ -1,5 +1,5 @@
 # Version between releases: next number plus flag
 EPICS_OPCUA_MAJOR_VERSION = 0
-EPICS_OPCUA_MINOR_VERSION = 9
-EPICS_OPCUA_MAINTENANCE_VERSION = 3
-EPICS_OPCUA_DEVELOPMENT_FLAG = 0
+EPICS_OPCUA_MINOR_VERSION = 10
+EPICS_OPCUA_MAINTENANCE_VERSION = 0
+EPICS_OPCUA_DEVELOPMENT_FLAG = 1

devOpcuaSup/Makefile

@@ -73,7 +73,7 @@ endif
 
 # Unified Automation C++ Based OPC UA Client SDK
 ifdef UASDK
-include $(OPCUA)/UaSdk/Makefile
+include $(OPCUA)/UaSdk/Makefile.config
 endif
 
 # open62541.org Open Source UA SDK
@@ -99,7 +99,7 @@ include $(TOP)/configure/RULES
 
 # Unified Automation C++ Based OPC UA Client SDK
 ifdef UASDK
-include $(OPCUA)/UaSdk/RULES_UASDK
+include $(OPCUA)/UaSdk/Makefile.rules
 endif
 
 # Can't use EXPAND as generated headers must appear

devOpcuaSup/UaSdk/Makefile → devOpcuaSup/UaSdk/Makefile.config

@@ -32,3 +32,10 @@ opcua_SRCS += DataElementUaSdk.cpp
 DBD_INSTALLS += opcua.dbd
 
 CFG += RULES_OPCUA
+
+USR_INCLUDES += $(foreach lib, $(_UASDK_MODS),-I$(UASDK)/include/$(lib))
+
+# Use RPATH when SDK libs are PROVIDED to find indirect dependencies
+ifeq ($(UASDK_DEPLOY_MODE),PROVIDED)
+USR_LDFLAGS_Linux += -Wl,--disable-new-dtags
+endif

devOpcuaSup/UaSdk/RULES_UASDK → devOpcuaSup/UaSdk/Makefile.rules

@@ -12,10 +12,6 @@
 #==================================================
 # Unified Automation SDK libraries
 
-USR_INCLUDES += $(foreach lib, $(_UASDK_MODS),-I$(UASDK)/include/$(lib))
-# SDK libraries are not built with correct RUNPATH - rely on executable
-USR_LDFLAGS_Linux += -Wl,--disable-new-dtags
-
 ifeq ($(UASDK_DEPLOY_MODE),SYSTEM)
 USR_SYS_LIBS += $(UASDK_LIBS)
 endif

devOpcuaSup/UaSdk/SessionUaSdk.cpp

@@ -56,6 +56,7 @@ namespace DevOpcua {
 using namespace UaClientSdk;
 
 static epicsThreadOnceId session_uasdk_ihooks_once = EPICS_THREAD_ONCE_INIT;
+static epicsThreadOnceId session_uasdk_atexit_once = EPICS_THREAD_ONCE_INIT;
 
 Registry<SessionUaSdk> SessionUaSdk::sessions;
 
@@ -77,6 +78,13 @@ void session_uasdk_ihooks_register (void *junk)
     (void) initHookRegister(SessionUaSdk::initHook);
 }
 
+static
+void session_uasdk_atexit_register (void *junk)
+{
+    (void)junk;
+    epicsAtExit(SessionUaSdk::atExit, nullptr);
+}
+
 inline const char *
 serverStatusString (UaClient::ServerStatus type)
 {
@@ -711,7 +719,7 @@ SessionUaSdk::setupSecurity ()
         securityInfo.sSecurityPolicy = OpcUa_SecurityPolicy_None;
         securityLevel = 0;
         securityInfo.serverCertificate.clear();
-        securityInfo.setAnonymousUserIdentity();
+        setupIdentity();
 
         if (debug)
             std::cout << "Session " << name.c_str()
@@ -816,9 +824,10 @@ SessionUaSdk::setupSecurity ()
                                   << " (level " << +securityLevel << ")" << std::endl;
                 }
             } else {
-                errlogPrintf("OPC UA session %s: (setupSecurity) found no endpoint that matches "
-                             "the security requirements",
-                             name.c_str());
+                if (debug)
+                    std::cout << "Session " << name.c_str()
+                              << ": (setupSecurity) found no endpoint that matches"
+                              << " the security requirements" << std::endl;
                 return ConnectResult::noMatchingEndpoint;
             }
             return ConnectResult::ok;
@@ -1349,19 +1358,34 @@ void
 SessionUaSdk::initHook (initHookState state)
 {
     switch (state) {
-    case initHookAfterDatabaseRunning:
+    case initHookAfterIocRunning:
     {
         errlogPrintf("OPC UA: Autoconnecting sessions\n");
         for (auto &it : sessions) {
             it.second->markConnectionLoss();
             if (it.second->autoConnect)
                 it.second->connect();
         }
+        epicsThreadOnce(&DevOpcua::session_uasdk_atexit_once, &DevOpcua::session_uasdk_atexit_register, nullptr);
         break;
     }
     default:
         break;
     }
 }
 
+void
+SessionUaSdk::atExit (void *junk)
+{
+    (void)junk;
+    errlogPrintf("OPC UA: Disconnecting sessions\n");
+    for (auto &it : sessions) {
+        SessionUaSdk *session = it.second;
+        // See #130 and reverted commit ab7184ef
+        // Make sure low-level session is valid before running disconnect()
+        if (session->puasession && session->isConnected())
+            session->disconnect();
+    }
+}
+
 } // namespace DevOpcua

devOpcuaSup/UaSdk/SessionUaSdk.h

@@ -223,6 +223,14 @@ class SessionUaSdk
      */
     static void initHook(initHookState state);
 
+    /**
+     * @brief EPICS IOC Database atExit function.
+     *
+     * Hook function called when the EPICS IOC is exiting.
+     * Disconnects all sessions.
+     */
+    static void atExit(void *junk);
+
     // Get a new (unique per session) transaction id
     OpcUa_UInt32 getTransactionId();