Skip to content

Project Structure

Warden Supreme is structured into four groups:

  1. /supreme contains the Supreme integrated key and app attestation suite, building upon group 2.
  2. /serverside contains the server-side foundations with all the low-level logic to verify attestations.
  3. /utils contains unpublished utility helpers aimed at aiding analysis of attestation errors. These are meant to be used inside an IDE with an attached debugger.
  4. /dependencies contains external dependencies that are not published to Maven Central or anywhere else and are thus compiled into group 2 or used for testing.

Quick navigation

  • For the recommended end-to-end flow (mobile client + verifier + unified wire format), start at the Integration Guide.
  • For using the server-side libraries directly (without integrated clients), see Usage without Integrated Clients.
  • For WARDEN / WARDEN-roboto migration notes, see Migration.

/supreme

Name Info
Supreme verifier Supreme verifier to be integrated into back-end services that want to remotely establish trust in mobile clients through key and app attestation.
Supreme client Supreme client to be integrated into mobile apps that need to prove their integrity and trustworthiness to back-end services.
Supreme common Commons containing shared client and verifier logic, data classes, etc.

/supreme/config-hoplite

Lightweight JVM helper module that adds Hoplite decoders for AttestationConfiguration. See also Externalising Configuration.

Maven: at.asitplus.warden:config-hoplite

/supreme/config-spring

Experimental lightweight JVM helper module that binds Spring Boot configuration into a map and feeds it through the canonical fromJsonObject() path. See also Externalising Configuration.

Maven: at.asitplus.warden:config-spring

/serverside

The modules located here can be used on their own, in case the Supreme integrated attestation suite is not desired.

If you come from the legacy projects: WARDEN → Warden makoto (at.asitplus.warden:makoto, entry point Makoto) and WARDEN-roboto → Warden roboto (at.asitplus.warden:roboto, entry point Roboto).

Warden roboto Warden makoto
Android-only server-side key and app attestation library developed by A-SIT Plus. Used to be a separate project, now integrated here as a module. Unified server-side Android and iOS key and app attestation library providing a common API to remotely establish trust in Android and iOS devices. Depends on Warden roboto and Vincent Haupert's excellent DeviceCheck/AppAttest library.
Location: /serverside/roboto Location: /serverside/makoto
Maven: at.asitplus.warden:roboto Maven: at.asitplus.warden:makoto

/utils

This group houses the debugging/examination utils described in Debugging.

/dependencies

Google released reference Android attestation parsers (not full attestation checkers for remotely establishing trust in Android devices) and PKIX certificate path validators to complement parsing. They did not, however, publish those artefacts to Maven Central. Warden Supreme therefore integrates them as Git submodules and compiles them into Warden roboto.

In addition, an HTTP proxy is present to facilitate testing. It is not, however, shipped with any artefacts.