Add caching to revocation checks for JWS verification

[damonho]

Hi, we have been having issues with latency using the library.

One of our deployment environments is behind a firewall in China and suffers from high latency when making any requests to Apple. We have recently switched it over from using verifyReceipt to using getAllSubscriptionStatus in the App Store Server API. We have noticed that the latency of this has increased a lot because we not only have to call out to Apple now, we also have to call out to the Apple OCSP servers to perform certificate revocation checks (online checks) to decode each JWS payload in the response.

We have gotten around this right now by disabling all the online checks in this environment which reduced the latency to what it used to be with verifyReceipt. However this leaves us exposed to possible security risks and we are looking at ways to re-enable these online checks.

Have you considered adding some form of caching to reduce the number of OCSP/certificate revocation calls made?

[alexanderjordanbaker]

https://github.com/apple/app-store-server-library-java/pull/127

[damonho]

Thanks!