Signing Plugin always throws NullPointerException: pemObject must not be null

Answered

I followed the tutorial for Plugin Signing on https://plugins.jetbrains.com/docs/intellij/plugin-signing.html

but no matter what I do, I always get this error:

[gradle-intellij-plugin :com.ast.devmate.intellij.plugin:signPlugin] Error during Marketplace ZIP Signer CLI execution:
Exception in thread "main" java.lang.NullPointerException: pemObject must not be null
at org.jetbrains.zip.signer.signer.PrivateKeyUtils.loadKeyPair(PrivateKeyUtils.kt:62)
at org.jetbrains.zip.signer.signer.PrivateKeyUtils.loadKeyPair(PrivateKeyUtils.kt:48)
at org.jetbrains.zip.signer.signer.SignerInfoLoader.loadSignerInfoFromText(SignerInfoLoader.kt:30)
at org.jetbrains.zip.signer.ZipSigningTool.sign(ZipSigningTool.kt:58)
at org.jetbrains.zip.signer.ZipSigningTool.main(ZipSigningTool.kt:29)

I tried with values direct in the file, with environment values and with the CLI Tool

12 comments
Comment actions Permalink

Got the same result with folowing the same steps on Windows

0
Comment actions Permalink

Please share your project sources/link and make sure you're using latest gradle-intellij-plugin (1.2.1)

0
Comment actions Permalink

I've found the issue (gradle-intellij-plugin 1.2.0). The docs recommend to use ENV vars but it doesn't support multi-line. I changed it to my key and cert location. 

certificateChain = new File(System.getenv("CERTIFICATE_CHAIN") ?: "./certs/chain.crt").getText('UTF-8')
1
Comment actions Permalink

I encounter the same issue that the original post. (tested with gradle-intellij-plugin 1.1.6 and 1.2.1, Windows 10).

There is already an issue on github : https://github.com/JetBrains/marketplace-zip-signer/issues/28

The temporary solution of Rhaalebos to store the location to the private key and cert in env vars worked

signPlugin {
password.set(System.getenv("PRIVATE_KEY_PASSWORD"))
certificateChain.set(File(System.getenv("CERTIFICATE_CHAIN") ?: "./.keys/chain.crt").readText(Charsets.UTF_8))
certificateChain.set(File(System.getenv("PRIVATE_KEY") ?: "./.keys/private.pem").readText(Charsets.UTF_8))
}
1
Comment actions Permalink

I managed to sign it with the methods shown here (even though I tried that with the CLI Tool). So thanks for that.


However, when you want to download the plugin from the store I get this message:

Plugin Signature Checker

Plugin 'PluginName' signature can't be verified:

Zip integrity check failed. CHUNKED_SHA512S digest mismatch

 

Any Idea whats the problem?
How can I check that the signing worked without needing to upload it to the store

0
Comment actions Permalink

I got a new Error, it's pretty similar to the last, but still different:

Plugin Security Warning

Digital signature verification of the 'PluginName' plugin failed with the following message: Zip integrity check failed. CHUNKED_SHA512S digest mismatch

0
Comment actions Permalink

Could you please provide more details and a minimal reproducible example?

0
Comment actions Permalink

What details do you need?
I have create a minimal copy of the plugin and uploaded it. It will take a while to get reviewed though

0
Comment actions Permalink

Plugin signing still fails with this error with Gradle IntelliJ Plugin 1.3.0. Why is this not fixed?

 

0
Comment actions Permalink

Still fail in 1.4.0

0
Comment actions Permalink

I fix it by using local gradle properties.

define variable at gradle.properties:

CERTIFICATE_CHAIN=/Users/garen/chain.crt
PRIVATE_KEY=/Users/garen/private.pem
PRIVATE_KEY_PASSWORD=your_password
PUBLISH_TOKEN=your_token

modify build.kts:

tasks {
signPlugin {
val cc = project.property("CERTIFICATE_CHAIN") as String
val pk = project.property("PRIVATE_KEY") as String
val pkp = project.property("PRIVATE_KEY_PASSWORD") as String
certificateChain.set(File(cc).readText())
privateKey.set(File(pk).readText())
password.set(pkp)
}
publishPlugin {
val token = project.property("PUBLISH_TOKEN") as String
this.token.set(token)
}
}
0

Please sign in to leave a comment.