1 files changed, 38 insertions, 1 deletions

diff --git a/mullvad-cli/src/cmds/tunnel.rs b/mullvad-cli/src/cmds/tunnel.rs
index bbd1a0e2a1..0c05c1946d 100644
--- a/mullvad-cli/src/cmds/tunnel.rs
+++ b/mullvad-cli/src/cmds/tunnel.rs
@@ -38,7 +38,8 @@ fn create_wireguard_subcommand() -> clap::App<'static, 'static> {
     let app = clap::SubCommand::with_name("wireguard")
         .about("Manage options for Wireguard tunnels")
         .setting(clap::AppSettings::SubcommandRequired)
-        .subcommand(create_wireguard_mtu_subcommand());
+        .subcommand(create_wireguard_mtu_subcommand())
+        .subcommand(create_wireguard_keys_subcommand());
     if cfg!(target_os = "linux") {
         app.subcommand(create_wireguard_fwmark_subcommand())
     } else {
@@ -57,6 +58,14 @@ fn create_wireguard_mtu_subcommand() -> clap::App<'static, 'static> {
         )
 }
 
+fn create_wireguard_keys_subcommand() -> clap::App<'static, 'static> {
+    clap::SubCommand::with_name("key")
+        .about("Manage your wireguard keys")
+        .setting(clap::AppSettings::SubcommandRequired)
+        .subcommand(clap::SubCommand::with_name("check"))
+        .subcommand(clap::SubCommand::with_name("generate"))
+}
+
 fn create_wireguard_fwmark_subcommand() -> clap::App<'static, 'static> {
     clap::SubCommand::with_name("fwmark")
         .about("Configure the firewall mark used to direct traffic through Wireguard tunnel")
@@ -227,6 +236,12 @@ impl Tunnel {
                 _ => unreachable!("unhandled command"),
             },
 
+            ("key", Some(matches)) => match matches.subcommand() {
+                ("check", _) => Self::process_wireguard_key_check(),
+                ("generate", _) => Self::process_wireguard_key_generate(),
+                _ => unreachable!("unhandled command"),
+            },
+
             #[cfg(target_os = "linux")]
             ("fwmark", Some(matches)) => match matches.subcommand() {
                 ("get", _) => Self::process_wireguard_fwmark_get(),
@@ -265,6 +280,28 @@ impl Tunnel {
         Ok(())
     }
 
+    fn process_wireguard_key_check() -> Result<()> {
+        let mut rpc = new_rpc_client()?;
+        match rpc.get_wireguard_key()? {
+            Some(key) => {
+                println!("Current key: {}", key);
+            }
+            None => {
+                println!("No key is set");
+                return Ok(());
+            }
+        };
+
+        let is_valid = rpc.verify_wireguard_key()?;
+        println!("Key is valid for use with current account: {}", is_valid);
+        Ok(())
+    }
+
+    fn process_wireguard_key_generate() -> Result<()> {
+        let mut rpc = new_rpc_client()?;
+        rpc.generate_wireguard_key().map_err(|e| e.into())
+    }
+
     #[cfg(target_os = "linux")]
     fn process_wireguard_fwmark_get() -> Result<()> {
         let tunnel_options = Self::get_tunnel_options()?;