intellij-platform-gradle-plugin
intellij-platform-gradle-plugin copied to clipboard
JetBrains
signPlugin fails with NullPointerException
I followed the tutorial to set up everything needed to publish a plugin to the marketplace. So I added the PUBLISH_TOKEN, PRIVATEE_KEY, CERTIFICATE_CHAIN and PRIVATE_KEY_PASSWORD to the environment variables of the Run Configuration. When the signPlugin task is executed I always get a NullPointerException: pemObject must not be null.
Exception in thread "main" java.lang.NullPointerException: pemObject must not be null at org.jetbrains.zip.signer.signer.PrivateKeyUtils.loadKeyPair(PrivateKeyUtils.kt:62) at org.jetbrains.zip.signer.signer.PrivateKeyUtils.loadKeyPair(PrivateKeyUtils.kt:48) at org.jetbrains.zip.signer.signer.SignerInfoLoader.loadSignerInfoFromText(SignerInfoLoader.kt:30) at org.jetbrains.zip.signer.ZipSigningTool.sign(ZipSigningTool.kt:58) at org.jetbrains.zip.signer.ZipSigningTool.main(ZipSigningTool.kt:29) [gradle-intellij-plugin :MavenDependencyChecker:signPlugin] Error during Marketplace ZIP Signer CLI execution: Exception in thread "main" java.lang.NullPointerException: pemObject must not be null at org.jetbrains.zip.signer.signer.PrivateKeyUtils.loadKeyPair(PrivateKeyUtils.kt:62) at org.jetbrains.zip.signer.signer.PrivateKeyUtils.loadKeyPair(PrivateKeyUtils.kt:48) at org.jetbrains.zip.signer.signer.SignerInfoLoader.loadSignerInfoFromText(SignerInfoLoader.kt:30) at org.jetbrains.zip.signer.ZipSigningTool.sign(ZipSigningTool.kt:58) at org.jetbrains.zip.signer.ZipSigningTool.main(ZipSigningTool.kt:29)
@mwalter I have tried reproducing this error, but with no luck.
After generating chain.crt and private.pem files as described in Plugin Signing article, everything works well.
Could you please provide more information regarding your setup?
@hsz thank you very much for your support!
I added the generated chain.crt and private.pem to the IntelliJ Run Configuration by copy & pasting the file contents to the environment section. I found a discussion in a Jetbrains forum about the problem. It has something to do with multiline parsing. The file contents span over multiple lines and and the gradle-intellij-plugin is not able to read the multiline contents from the Run Configuration. I tried to remove all line breaks and still it did not work (same error).
I now use the workaround stated in the forum:
certificateChain.set(File(System.getenv("CERTIFICATE_CHAIN") ?: "./certs/chain.crt").readText(Charsets.UTF_8))
But it would be very nice if I could use the Gradle plugin task for signing.
This conversion is required – SDK Docs were properly modified. Thanks for the update, Marc.
@hsz thank you very much for your support!
I added the generated chain.crt and private.pem to the IntelliJ Run Configuration by copy & pasting the file contents to the environment section. I found a discussion in a Jetbrains forum about the problem. It has something to do with multiline parsing. The file contents span over multiple lines and and the gradle-intellij-plugin is not able to read the multiline contents from the Run Configuration. I tried to remove all line breaks and still it did not work (same error).
I now use the workaround stated in the forum:
certificateChain.set(File(System.getenv("CERTIFICATE_CHAIN") ?: "./certs/chain.crt").readText(Charsets.UTF_8))But it would be very nice if I could use the Gradle plugin task for signing.
Interesting.. The solution specified in the above comment does not work... checkout the full log here.
* What went wrong:
Could not determine the dependencies of task ':publishPlugin'.
> Could not create task ':signPlugin'.
> valueof(EnvironmentVariableValueSource) (No such file or directory)
The problem wasn't solved.
Exception in thread "main" java.lang.NullPointerException: pemObject must not be null
@nabato - are you facing this issue in github actions or in your local environment?
@nabato - are you facing this issue in github actions or in your local environment?
Both. With base64 encoded private key and with not encoded private key.
I provided the link to a failing github job. https://github.com/JetBrains/gradle-intellij-plugin/issues/1482
To fix github actions. (Follow the below steps)
Important— Ensure base64 encoded string does not contain any space or newline characters.
To convert pem and crt files to base64 string
Note - Below commands are for MacOS. But could work in other OS if you have openssl installed.
- Encode private.pem to Base64 encoded string.
openssl enc -A -base64 -in private.pem -out private_base64.pem
cat private_base64.pem
output: <<base64 Encode string>>
Copy & Paste the base64 string into
github->settings->security->secrets and variables->Repository Secrets->PRIVATE_KEY
- Encode chain.crt to Base64 encoded string.
openssl enc -A -base64 -in chain.crt -out chain-base64.crt
cat chain-base64.crt
output: <<base64 Encode string>>
Copy & Paste the base64 string into
github->settings->security->secrets and variables->Repository Secrets->CERTIFICATE_CHAIN
@dinbtechit, thank you for trying to help. But:
Both. With base64 encoded private key and with not encoded private key.
Sorry I misread your comment.
Let's tackle this with github actions first. For github actions it needs to be base64 encoded. Can you confirm if you have set the base64 encoded PRIVATE key in the right place?
Github Repo -> settings -> security -> secrets and variables -> Repository Secrets -> PRIVATE_KEY
@dinbtechit, confirm. I checked that encoded strings don't contain anything like newline characters with https://www.soscisurvey.de/tools/view-chars.php.
https://github.com/nabato/alabaster-themes/actions/runs/6619320521/job/17979588487
Your github configuration looks good to me. So there is something going on when you create the base64 encoded string.
I had the exact same problem basically when I used the default MacOS base64 encoder, it did not work. But when I used the openSSL base64 encoder it worked. If you use MacOS you can try using the commands I provided above.
The important thing is the -A flag - openssl enc -A -base64
@dinbtechit, I encoded it on Linux with:
openssl enc -A -base64 -in private.pem -out private_base64.pem
openssl enc -A -base64 -in chain.crt -out chain-base64.crt
It's an official way from the documentation. Who wrote the documentation?
Someone else on the slack had the same problem, but that was because of the encoder. Maybe it is causing due to some other reason for you.
@dinbtechit, I also tried https://www.base64encode.org with no luck. I'm of the opinion that it's not my job to fix Jetbrains' buggy plugin by trying different random stuff whereas the steps in the documentation lead to a broken build. That's a terrbile job on Jetbrains' side and they must fix it. Instead of fixing the problem that is more than two years old they disparage plugin developers. https://intellij-support.jetbrains.com/hc/en-us/community/posts/4408839632146-Signing-Plugin-always-throws-NullPointerException-pemObject-must-not-be-null
@nabato There is no need to call names publicly. Please keep a professional attitude.
@nabato There is no need to call names publicly. Please keep a professional attitude.
Reported for misinformation.
The bug is still here and you don't reopen it.
@YannCebron I still get the error: pemObject must not be null
gradle plugin version: 1.16.1
