Signing Plugin always throws NullPointerException: pemObject must not be null
Answered
I followed the tutorial for Plugin Signing on https://plugins.jetbrains.com/docs/intellij/plugin-signing.html
but no matter what I do, I always get this error:
[gradle-intellij-plugin :com.ast.devmate.intellij.plugin:signPlugin] Error during Marketplace ZIP Signer CLI execution:
Exception in thread "main" java.lang.NullPointerException: pemObject must not be null
at org.jetbrains.zip.signer.signer.PrivateKeyUtils.loadKeyPair(PrivateKeyUtils.kt:62)
at org.jetbrains.zip.signer.signer.PrivateKeyUtils.loadKeyPair(PrivateKeyUtils.kt:48)
at org.jetbrains.zip.signer.signer.SignerInfoLoader.loadSignerInfoFromText(SignerInfoLoader.kt:30)
at org.jetbrains.zip.signer.ZipSigningTool.sign(ZipSigningTool.kt:58)
at org.jetbrains.zip.signer.ZipSigningTool.main(ZipSigningTool.kt:29)
I tried with values direct in the file, with environment values and with the CLI Tool
Please sign in to leave a comment.
Got the same result with folowing the same steps on Windows
Please share your project sources/link and make sure you're using latest gradle-intellij-plugin (1.2.1)
I've found the issue (gradle-intellij-plugin 1.2.0). The docs recommend to use ENV vars but it doesn't support multi-line. I changed it to my key and cert location.
see also https://stackoverflow.com/questions/49457787/how-to-export-a-multi-line-environment-variable-in-bash-terminal-e-g-rsa-privat
I encounter the same issue that the original post. (tested with gradle-intellij-plugin 1.1.6 and 1.2.1, Windows 10).
There is already an issue on github : https://github.com/JetBrains/marketplace-zip-signer/issues/28
The temporary solution of Rhaalebos to store the location to the private key and cert in env vars worked
I managed to sign it with the methods shown here (even though I tried that with the CLI Tool). So thanks for that.
However, when you want to download the plugin from the store I get this message:
Plugin Signature Checker
Plugin 'PluginName' signature can't be verified:
Zip integrity check failed. CHUNKED_SHA512S digest mismatch
Any Idea whats the problem?
How can I check that the signing worked without needing to upload it to the store
I got a new Error, it's pretty similar to the last, but still different:
Plugin Security Warning
Digital signature verification of the 'PluginName' plugin failed with the following message: Zip integrity check failed. CHUNKED_SHA512S digest mismatch
Could you please provide more details and a minimal reproducible example?
What details do you need?
I have create a minimal copy of the plugin and uploaded it. It will take a while to get reviewed though
Plugin signing still fails with this error with Gradle IntelliJ Plugin 1.3.0. Why is this not fixed?
Still fail in 1.4.0
I fix it by using local gradle properties.
define variable at gradle.properties:
modify build.kts:
hi guys i found the solution to our problem.
The hint was in the "signPlugin" example.
In the example the priv key was displayed like this:
But if you just create the private.pem file its in this format:
The solution is to decrypt the priv key first (dont ask me why we need to give a priv_key_password aswell to the signPlugin gradle task):
Any update about this ?
You can find the solution in the post above, or in this Repo: https://github.com/AskMeAgain/IntellijPluginTemplate. The readme gives you a complete explanation how it works and the create-secret.sh script does everything for you
The whole signing flow is described in the Plugin Signing article in IntelliJ SDK Docs: https://plugins.jetbrains.com/docs/intellij/plugin-signing.html
The documentation was already updated to address the issue described in this thread.
Note that both the private key and certificate chain are multi-line values. It is necessary to transform them first using Base64 encoding before providing to the single-line field in Environment Variables panel.
In macOS use this command to generate the base64 string
base64 -b 0 -i /path/to/chain.crt -o /path/to/chain_base64.crt
base64 -b 0 -i /path/to/private.pem -o /path/to/private_base64.pem