Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-42356

HP Application Automation Tools error "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms."

      We are required to have FIPS enabled on our Windows slave workstations using UFT 12.5. When FIPS is turned on, I get the error below. When FIPS is turned off, the build runs properly.

      Started by user xxxxxxxx
      Building remotely on xxxxxxxxxVM in workspace C:\temp\workspace\xxxxxxxxxM
      [WS-CLEANUP] Deleting project workspace...
      [WS-CLEANUP] Done
      [SATX10W17VM] $ C:\temp\workspace\xxxxxxVM\HpToolsLauncher.exe -paramfile props27022017151030223.txt
      "Started..."
      Timeout is set to: 99999
      Run mode is set to: RUN_LOCAL

      Unhandled Exception: System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
      at System.Security.Cryptography.RijndaelManaged..ctor()
      at HpToolsLauncher.Launcher.Decrypt(String textToDecrypt, String key)
      at HpToolsLauncher.Launcher.CreateRunner(TestStorageType runType, JavaProperties ciParams)
      at HpToolsLauncher.Launcher.Run()
      at HpToolsLauncher.Program.Main(String[] args)
      Recording test results
      None of the test reports contained any result
      RunResultRecorder: didn't find any test results to record
      Finished: SUCCESS

          [JENKINS-42356] HP Application Automation Tools error "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms."

          Marvin Quick added a comment -

          Thanks Evan. Is there a way to track the enhancement request?

          Marvin Quick added a comment - Thanks Evan. Is there a way to track the enhancement request?

          Evan Chen added a comment -

          Hi Marvin,

          I suggested our FA to create a user story about this, but it's internal so you may not be able to see it. And since it's not a common case, I'm afraid it's not of high priority.

           

          Another way is that you can raise a enhance request throw support, so you might be able to track the status and put more weight on this issue at the meantime.

          Thanks,

          Evan

          Evan Chen added a comment - Hi Marvin, I suggested our FA to create a user story about this, but it's internal so you may not be able to see it. And since it's not a common case, I'm afraid it's not of high priority.   Another way is that you can raise a enhance request throw support, so you might be able to track the status and put more weight on this issue at the meantime. Thanks, Evan

          Marvin Quick added a comment -

          Our internal development made a change so Jenkins worked with FIPS. 

          Marvin Quick added a comment - Our internal development made a change so Jenkins worked with FIPS. 

          Vikas Waykole added a comment - - edited

          Hello Marvin,

          What change your internal development team did to make Jenkins work with FIPS?

          Thanks,

          Vikas

          Vikas Waykole added a comment - - edited Hello Marvin, What change your internal development team did to make Jenkins work with FIPS? Thanks, Vikas

          Ben added a comment -

          Greetings.

          This appears to be an issue again.

          Any ideas?

           

          Thanks!!

           

          Plugin Version: Micro Focus Application Automation Tools 7.5

          Jenkins Version: 2.361.1 LTS

          Server OS Version: Windows Server 2016

           

          Console Snip:

          "Started..."

          Timeout is set to: -1

          Run mode is set to: RUN_PLANNED_HOST

           

          Unhandled Exception: System.TypeInitializationException: The type initializer for 'HpToolsLauncher.EncryptionUtils' threw an exception. ---> System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

             at System.Security.Cryptography.RijndaelManaged..ctor()

             at HpToolsLauncher.EncryptionUtils.DecryptWithPwd(String textToDecrypt)

             at HpToolsLauncher.EncryptionUtils..cctor()

             — End of inner exception stack trace —

             at HpToolsLauncher.EncryptionUtils.Decrypt(String textToDecrypt)

             at HpToolsLauncher.Launcher.CreateRunner(TestStorageType runType, Boolean initialTestRun, List`1 failedTests)

             at HpToolsLauncher.Launcher.Run()

             at HpToolsLauncher.Program.Main(String[] args)

          Launch return code -532462766

          Build step 'Execute Micro Focus functional tests from Micro Focus ALM' changed build result to FAILURE

          Ben added a comment - Greetings. This appears to be an issue again. Any ideas?   Thanks!!   Plugin Version: Micro Focus Application Automation Tools 7.5 Jenkins Version: 2.361.1 LTS Server OS Version: Windows Server 2016   Console Snip: "Started..." Timeout is set to: -1 Run mode is set to: RUN_PLANNED_HOST   Unhandled Exception: System.TypeInitializationException: The type initializer for 'HpToolsLauncher.EncryptionUtils' threw an exception. ---> System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.    at System.Security.Cryptography.RijndaelManaged..ctor()    at HpToolsLauncher.EncryptionUtils.DecryptWithPwd(String textToDecrypt)    at HpToolsLauncher.EncryptionUtils..cctor()    — End of inner exception stack trace —    at HpToolsLauncher.EncryptionUtils.Decrypt(String textToDecrypt)    at HpToolsLauncher.Launcher.CreateRunner(TestStorageType runType, Boolean initialTestRun, List`1 failedTests)    at HpToolsLauncher.Launcher.Run()    at HpToolsLauncher.Program.Main(String[] args) Launch return code -532462766 Build step 'Execute Micro Focus functional tests from Micro Focus ALM' changed build result to FAILURE

          Dorin Bogdan added a comment -

          Hi ben732 ,

          Until we implement a permanent solution, please try the following workaround:

          Get the attached HpToolsLauncher.exe.configand copy it into the job's workspace folder ...Jenkins\workspace\your_job_name (created on first job build).

          For example I have something like this:

          C:\Jenkins\workspace\UFT_ALM_Job

          This is the same path where HpToolsLauncher.exe.config is placed by Jenkins at runtime, for each job.

          If you are not sure where this path is located, you can find it in Console Output of your build:

          [UFT_ALM_Job] $ "C:\Jenkins\workspace\UFT_ALM_Job\HpToolsLauncher.exe" -paramfile props17112022125626049.txt

          Then please let us know the result.

          Best regards,

          Dorin.

          Dorin Bogdan added a comment - Hi ben732 , Until we implement a permanent solution, please try the following workaround: Get the attached HpToolsLauncher.exe.config and copy it into the job's workspace folder ...Jenkins\workspace\your_job_name (created on first job build). For example I have something like this: C:\Jenkins\workspace\UFT_ALM_Job This is the same path where HpToolsLauncher.exe.config is placed by Jenkins at runtime, for each job. If you are not sure where this path is located, you can find it in Console Output of your build: [UFT_ALM_Job] $ "C:\Jenkins\workspace\UFT_ALM_Job\HpToolsLauncher.exe" -paramfile props17112022125626049.txt Then please let us know the result. Best regards, Dorin.

          Ben added a comment -

          Thank you Dorin, that definitely got me past this hump.

          Is this configuration file documented somewhere?

          Our QC/ALM server requires a client certificate, I knew I would eventually have to deal with this I just couldn't get that far until now.

          I am hoping I can specify one in that config file because I don't see anywhere to specify one in the plugin configuration in Jenkins.

          Let me know any thoughts.

          Thanks again!

          Ben

          Ben added a comment - Thank you Dorin, that definitely got me past this hump. Is this configuration file documented somewhere? Our QC/ALM server requires a client certificate, I knew I would eventually have to deal with this I just couldn't get that far until now. I am hoping I can specify one in that config file because I don't see anywhere to specify one in the plugin configuration in Jenkins. Let me know any thoughts. Thanks again! Ben

          Dorin Bogdan added a comment -

          Hi ben732 ,

          This file is mainly the C# app.config file and applies strictly to HpToolsLauncher.exe.

          You can customize it as long as you follow the .Net xml schema:

          https://learn.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/

          Since this workaround is meant to be temporary (and discovered today), we have no official documentation. I just added one element:

          https://learn.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/runtime/enforcefipspolicy-element

          About client certificate please check this suggestion:
          https://eyeontesting.com/answers/how-to-connect-jenkins-to-https-alm/

          Best regards,

          Dorin.

          Dorin Bogdan added a comment - Hi ben732 , This file is mainly the C# app.config file and applies strictly to HpToolsLauncher.exe. You can customize it as long as you follow the .Net xml schema: https://learn.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/ Since this workaround is meant to be temporary (and discovered today), we have no official documentation. I just added one element: https://learn.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/runtime/enforcefipspolicy-element About client certificate please check this suggestion: https://eyeontesting.com/answers/how-to-connect-jenkins-to-https-alm/ Best regards, Dorin.

          Ben added a comment -

          Thank you for the info, I completed the steps in that link but that did not help, still the same error.

          That link discusses adding the ALM server certificate to the trust store of the JVM running Jenkins, so it would trust the ALM server.

          I think this situation is the other way around - the ALM sever is requiring a client certificate (which would require the JVM running Jenkins to provide one during the SSL handshake).

          I have taken steps to configure this, but it still does not help.

          I do not believe in this situation it is any Jenkins process (thereby the JVM it is running in) making the HTTPS connection to the ALM server, I believe it is the HpToolsLauncher.exe process, in conjunction with the 'ALM Connectivity Tool' (TDConnect.exe) that is attempting the HTTPS connection.

          Therefore, I need some way to tell this process to us a client certificate.

          I was hoping for such configuration in the app.config file but I can't find anything in the documentation you shared  that looks promising.

          Here s a snip of the job output (with the workspace path & ALM server redacted), for reference:

          [QC_Test] $ <redacted>\HpToolsLauncher.exe -paramfile props17112022133503543.txt -encoding UTF-8
          "Started..."
          Timeout is set to: -1
          Run mode is set to: RUN_PLANNED_HOST
          Error of client certificate
          Error: ALM server https://<redacted>/qcbin/ unreachable, check that server Url is correct
          ALM Test set runner not connected
          Build step 'Execute Micro Focus functional tests from Micro Focus ALM' changed build result to FAILURE
          Finished: FAILURE

          I am off for the next week but can troubleshoot further when I get back.

          Thanks again for all of your help!

          Ben

          Ben added a comment - Thank you for the info, I completed the steps in that link but that did not help, still the same error. That link discusses adding the ALM server certificate to the trust store of the JVM running Jenkins, so it would trust the ALM server. I think this situation is the other way around - the ALM sever is requiring a client certificate (which would require the JVM running Jenkins to provide one during the SSL handshake). I have taken steps to configure this, but it still does not help. I do not believe in this situation it is any Jenkins process (thereby the JVM it is running in) making the HTTPS connection to the ALM server, I believe it is the HpToolsLauncher.exe process, in conjunction with the 'ALM Connectivity Tool' (TDConnect.exe) that is attempting the HTTPS connection. Therefore, I need some way to tell this process to us a client certificate. I was hoping for such configuration in the app.config file but I can't find anything in the documentation you shared  that looks promising. Here s a snip of the job output (with the workspace path & ALM server redacted), for reference: [QC_Test] $ <redacted>\HpToolsLauncher.exe -paramfile props17112022133503543.txt -encoding UTF-8 "Started..." Timeout is set to: -1 Run mode is set to: RUN_PLANNED_HOST Error of client certificate Error: ALM server https://<redacted>/qcbin/ unreachable, check that server Url is correct ALM Test set runner not connected Build step 'Execute Micro Focus functional tests from Micro Focus ALM' changed build result to FAILURE Finished: FAILURE I am off for the next week but can troubleshoot further when I get back. Thanks again for all of your help! Ben

          Dorin Bogdan added a comment -

          Hi ben732 ,

          I think the ALM certificate error is rather an IT related issue, and not necessarily a DEV one.
          Either way, the standard procedure requires the customers to call for / open a support ticket here:
          https://www.microfocus.com/en-us/contact-support/stackb

          Please provide there a short summary (linked to JENKINS-42356) and ask for a high priority online session, and the support team will help you as soon as possible.

          Thank you for understanding,
          Dorin.

          Dorin Bogdan added a comment - Hi ben732 , I think the ALM certificate error is rather an IT related issue, and not necessarily a DEV one. Either way, the standard procedure requires the customers to call for / open a support ticket here: https://www.microfocus.com/en-us/contact-support/stackb Please provide there a short summary (linked to JENKINS-42356 ) and ask for a high priority online session, and the support team will help you as soon as possible. Thank you for understanding, Dorin.

            dorin7bogdan Dorin Bogdan
            mdbquick Marvin Quick
            Votes:
            1 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated: