diff --git a/src/lib/KmsRsaPssProvider.ts b/src/lib/KmsRsaPssProvider.ts index 21adf18..07ef5c3 100644 --- a/src/lib/KmsRsaPssProvider.ts +++ b/src/lib/KmsRsaPssProvider.ts @@ -1,3 +1,5 @@ import { RsaPssProvider } from 'webcrypto-core'; -export abstract class KmsRsaPssProvider extends RsaPssProvider {} +export abstract class KmsRsaPssProvider extends RsaPssProvider { + public abstract close(): Promise; +} diff --git a/src/lib/aws/AwsKmsRsaPssProvider.spec.ts b/src/lib/aws/AwsKmsRsaPssProvider.spec.ts index cb2f21e..44dbf9f 100644 --- a/src/lib/aws/AwsKmsRsaPssProvider.spec.ts +++ b/src/lib/aws/AwsKmsRsaPssProvider.spec.ts @@ -460,4 +460,16 @@ describe('AwsKmsRsaPssProvider', () => { ); }); }); + + describe('close', () => { + test('Client should be destroyed', async () => { + const client = new KMSClient({}); + const mockDestroy = jest.spyOn(client, 'destroy').mockReturnValue(undefined); + const provider = new AwsKmsRsaPssProvider(client); + + await provider.close(); + + expect(mockDestroy).toHaveBeenCalledWith(); + }); + }); }); diff --git a/src/lib/aws/AwsKmsRsaPssProvider.ts b/src/lib/aws/AwsKmsRsaPssProvider.ts index c416dbb..4716f33 100644 --- a/src/lib/aws/AwsKmsRsaPssProvider.ts +++ b/src/lib/aws/AwsKmsRsaPssProvider.ts @@ -114,6 +114,10 @@ export class AwsKmsRsaPssProvider extends KmsRsaPssProvider { throw new KmsError('Signature verification is unsupported'); } + async close(): Promise { + this.client.destroy(); + } + private async retrievePublicKey(key: AwsKmsRsaPssPrivateKey): Promise { const command = new GetPublicKeyCommand({ KeyId: key.arn }); const response = await this.client.send(command, REQUEST_OPTIONS); diff --git a/src/lib/gcp/GcpKmsRsaPssProvider.spec.ts b/src/lib/gcp/GcpKmsRsaPssProvider.spec.ts index 6c79f1a..59a4f52 100644 --- a/src/lib/gcp/GcpKmsRsaPssProvider.spec.ts +++ b/src/lib/gcp/GcpKmsRsaPssProvider.spec.ts @@ -770,3 +770,15 @@ describe('onVerify', () => { ); }); }); + +describe('close', () => { + test('Client should be closed', async () => { + const client = new KeyManagementServiceClient(); + const mockClose = jest.spyOn(client, 'close').mockResolvedValue(undefined); + const provider = new GcpKmsRsaPssProvider(client, KMS_CONFIG); + + await provider.close(); + + expect(mockClose).toHaveBeenCalledWith(); + }); +}); diff --git a/src/lib/gcp/GcpKmsRsaPssProvider.ts b/src/lib/gcp/GcpKmsRsaPssProvider.ts index 4f0a403..d8decc4 100644 --- a/src/lib/gcp/GcpKmsRsaPssProvider.ts +++ b/src/lib/gcp/GcpKmsRsaPssProvider.ts @@ -120,6 +120,10 @@ export class GcpKmsRsaPssProvider extends KmsRsaPssProvider { throw new KmsError('Signature verification is unsupported'); } + async close(): Promise { + await this.client.close(); + } + private async getGCPProjectId(): Promise { // GCP client library already caches the project id. return this.client.getProjectId();