Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-42356

HP Application Automation Tools error "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms."

    XMLWordPrintable

Details

    Description

      We are required to have FIPS enabled on our Windows slave workstations using UFT 12.5. When FIPS is turned on, I get the error below. When FIPS is turned off, the build runs properly.

      Started by user xxxxxxxx
      Building remotely on xxxxxxxxxVM in workspace C:\temp\workspace\xxxxxxxxxM
      [WS-CLEANUP] Deleting project workspace...
      [WS-CLEANUP] Done
      [SATX10W17VM] $ C:\temp\workspace\xxxxxxVM\HpToolsLauncher.exe -paramfile props27022017151030223.txt
      "Started..."
      Timeout is set to: 99999
      Run mode is set to: RUN_LOCAL

      Unhandled Exception: System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
      at System.Security.Cryptography.RijndaelManaged..ctor()
      at HpToolsLauncher.Launcher.Decrypt(String textToDecrypt, String key)
      at HpToolsLauncher.Launcher.CreateRunner(TestStorageType runType, JavaProperties ciParams)
      at HpToolsLauncher.Launcher.Run()
      at HpToolsLauncher.Program.Main(String[] args)
      Recording test results
      None of the test reports contained any result
      RunResultRecorder: didn't find any test results to record
      Finished: SUCCESS

      Attachments

        Activity

          dbogdan7 Dorin Bogdan added a comment -

          Hi ben732 ,

          Until we implement a permanent solution, please try the following workaround:

          Get the attached HpToolsLauncher.exe.configand copy it into the job's workspace folder ...Jenkins\workspace\your_job_name (created on first job build).

          For example I have something like this:

          C:\Jenkins\workspace\UFT_ALM_Job

          This is the same path where HpToolsLauncher.exe.config is placed by Jenkins at runtime, for each job.

          If you are not sure where this path is located, you can find it in Console Output of your build:

          [UFT_ALM_Job] $ "C:\Jenkins\workspace\UFT_ALM_Job\HpToolsLauncher.exe" -paramfile props17112022125626049.txt

          Then please let us know the result.

          Best regards,

          Dorin.

          dbogdan7 Dorin Bogdan added a comment - Hi ben732 , Until we implement a permanent solution, please try the following workaround: Get the attached HpToolsLauncher.exe.config and copy it into the job's workspace folder ...Jenkins\workspace\your_job_name (created on first job build). For example I have something like this: C:\Jenkins\workspace\UFT_ALM_Job This is the same path where HpToolsLauncher.exe.config is placed by Jenkins at runtime, for each job. If you are not sure where this path is located, you can find it in Console Output of your build: [UFT_ALM_Job] $ "C:\Jenkins\workspace\UFT_ALM_Job\HpToolsLauncher.exe" -paramfile props17112022125626049.txt Then please let us know the result. Best regards, Dorin.
          ben732 Ben added a comment -

          Thank you Dorin, that definitely got me past this hump.

          Is this configuration file documented somewhere?

          Our QC/ALM server requires a client certificate, I knew I would eventually have to deal with this I just couldn't get that far until now.

          I am hoping I can specify one in that config file because I don't see anywhere to specify one in the plugin configuration in Jenkins.

          Let me know any thoughts.

          Thanks again!

          Ben

          ben732 Ben added a comment - Thank you Dorin, that definitely got me past this hump. Is this configuration file documented somewhere? Our QC/ALM server requires a client certificate, I knew I would eventually have to deal with this I just couldn't get that far until now. I am hoping I can specify one in that config file because I don't see anywhere to specify one in the plugin configuration in Jenkins. Let me know any thoughts. Thanks again! Ben
          dbogdan7 Dorin Bogdan added a comment -

          Hi ben732 ,

          This file is mainly the C# app.config file and applies strictly to HpToolsLauncher.exe.

          You can customize it as long as you follow the .Net xml schema:

          https://learn.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/

          Since this workaround is meant to be temporary (and discovered today), we have no official documentation. I just added one element:

          https://learn.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/runtime/enforcefipspolicy-element

          About client certificate please check this suggestion:
          https://eyeontesting.com/answers/how-to-connect-jenkins-to-https-alm/

          Best regards,

          Dorin.

          dbogdan7 Dorin Bogdan added a comment - Hi ben732 , This file is mainly the C# app.config file and applies strictly to HpToolsLauncher.exe. You can customize it as long as you follow the .Net xml schema: https://learn.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/ Since this workaround is meant to be temporary (and discovered today), we have no official documentation. I just added one element: https://learn.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/runtime/enforcefipspolicy-element About client certificate please check this suggestion: https://eyeontesting.com/answers/how-to-connect-jenkins-to-https-alm/ Best regards, Dorin.
          ben732 Ben added a comment -

          Thank you for the info, I completed the steps in that link but that did not help, still the same error.

          That link discusses adding the ALM server certificate to the trust store of the JVM running Jenkins, so it would trust the ALM server.

          I think this situation is the other way around - the ALM sever is requiring a client certificate (which would require the JVM running Jenkins to provide one during the SSL handshake).

          I have taken steps to configure this, but it still does not help.

          I do not believe in this situation it is any Jenkins process (thereby the JVM it is running in) making the HTTPS connection to the ALM server, I believe it is the HpToolsLauncher.exe process, in conjunction with the 'ALM Connectivity Tool' (TDConnect.exe) that is attempting the HTTPS connection.

          Therefore, I need some way to tell this process to us a client certificate.

          I was hoping for such configuration in the app.config file but I can't find anything in the documentation you shared  that looks promising.

          Here s a snip of the job output (with the workspace path & ALM server redacted), for reference:

          [QC_Test] $ <redacted>\HpToolsLauncher.exe -paramfile props17112022133503543.txt -encoding UTF-8
          "Started..."
          Timeout is set to: -1
          Run mode is set to: RUN_PLANNED_HOST
          Error of client certificate
          Error: ALM server https://<redacted>/qcbin/ unreachable, check that server Url is correct
          ALM Test set runner not connected
          Build step 'Execute Micro Focus functional tests from Micro Focus ALM' changed build result to FAILURE
          Finished: FAILURE

          I am off for the next week but can troubleshoot further when I get back.

          Thanks again for all of your help!

          Ben

          ben732 Ben added a comment - Thank you for the info, I completed the steps in that link but that did not help, still the same error. That link discusses adding the ALM server certificate to the trust store of the JVM running Jenkins, so it would trust the ALM server. I think this situation is the other way around - the ALM sever is requiring a client certificate (which would require the JVM running Jenkins to provide one during the SSL handshake). I have taken steps to configure this, but it still does not help. I do not believe in this situation it is any Jenkins process (thereby the JVM it is running in) making the HTTPS connection to the ALM server, I believe it is the HpToolsLauncher.exe process, in conjunction with the 'ALM Connectivity Tool' (TDConnect.exe) that is attempting the HTTPS connection. Therefore, I need some way to tell this process to us a client certificate. I was hoping for such configuration in the app.config file but I can't find anything in the documentation you shared  that looks promising. Here s a snip of the job output (with the workspace path & ALM server redacted), for reference: [QC_Test] $ <redacted>\HpToolsLauncher.exe -paramfile props17112022133503543.txt -encoding UTF-8 "Started..." Timeout is set to: -1 Run mode is set to: RUN_PLANNED_HOST Error of client certificate Error: ALM server https://<redacted>/qcbin/ unreachable, check that server Url is correct ALM Test set runner not connected Build step 'Execute Micro Focus functional tests from Micro Focus ALM' changed build result to FAILURE Finished: FAILURE I am off for the next week but can troubleshoot further when I get back. Thanks again for all of your help! Ben
          dbogdan7 Dorin Bogdan added a comment -

          Hi ben732 ,

          I think the ALM certificate error is rather an IT related issue, and not necessarily a DEV one.
          Either way, the standard procedure requires the customers to call for / open a support ticket here:
          https://www.microfocus.com/en-us/contact-support/stackb

          Please provide there a short summary (linked to JENKINS-42356) and ask for a high priority online session, and the support team will help you as soon as possible.

          Thank you for understanding,
          Dorin.

          dbogdan7 Dorin Bogdan added a comment - Hi ben732 , I think the ALM certificate error is rather an IT related issue, and not necessarily a DEV one. Either way, the standard procedure requires the customers to call for / open a support ticket here: https://www.microfocus.com/en-us/contact-support/stackb Please provide there a short summary (linked to JENKINS-42356 ) and ask for a high priority online session, and the support team will help you as soon as possible. Thank you for understanding, Dorin.

          People

            dorin7bogdan Dorin Bogdan
            mdbquick Marvin Quick
            Votes:
            1 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated: