Can I cache a WSE X509Certificate? Is it thread-safe?

I am using WSE 2.0 over a secure SSL connection. Each time I send a request
to the SSL web server, I retrieve a certificate from the certificate store.
To avoid the overhead of retrieving the certificate from the store for each
invocation of the web service method, can I cache it?

Would this be safe inside a multithreaded web service environment?

Can multiple threads use a shared X509Certificate resource?

A pseudocode example of the current code and the proposed replacement is pasted
below. Should I have any reservations about doing this?

//
// Current code..
//

// client will invoke the web service method HelloWorld, which in turn will
// call IssueSecurityToken
[WebMethod]
public void HelloWorld()
{
    // do whatever....
    // (securitytoken is obtained elsewhere in the real code)
    MySecurityToken token = IssueSecurityToken(securitytoken);

    // assume allocated correctly in real code!!
    WebServicesClientProtocol wseproxy = new WebServicesClientProtocol();
    wseproxy.ClientCertificates.Add(GetSSLCertificate());
}

public MySecurityToken IssueSecurityToken(SecurityToken securitytoken)
{
    // get the X509 certificate needed for this SSL connection
    SoapHttpOutputChannel httpChannel = (SoapHttpOutputChannel)base.Channel;

    // cert is retrieved each time
    httpChannel.Options.ClientCertificates.Add(GetSSLCertificate());

    // talk to token service etc..
}

public static X509Certificate GetSSLCertificate()
{
    // open the local machine's personal ("My") store read-only
    X509CertificateStore store =
        X509CertificateStore.LocalMachineStore(X509CertificateStore.MyStore);
    store.OpenRead();

    // look the certificate up by its configured subject string
    X509CertificateCollection systemCertificateCol =
        store.FindCertificateBySubjectString(Configuration.CertificateSubject);
    return systemCertificateCol[0];
}


//
// proposed replacement would be
//

// is this safe to cache in a multithreaded env??
static X509Certificate x509Cert = null;

public static X509Certificate GetSSLCertificate()
{
    // only go to the store the first time; later calls reuse the cached cert
    if (x509Cert == null)
    {
        X509CertificateStore store =
            X509CertificateStore.LocalMachineStore(X509CertificateStore.MyStore);
        store.OpenRead();
        X509CertificateCollection systemCertificateCol =
            store.FindCertificateBySubjectString(Configuration.CertificateSubject);
        x509Cert = systemCertificateCol[0];
    }
    return x509Cert;
}
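An added example, not part of the original post: one way to close the initialization race in the proposed replacement, so that only one thread reads the store, the lookup fails with an error instead of indexing an empty collection, and the cached certificate can be dropped after a renewal. It uses the WSE calls from the post plus X509CertificateStore.Close(); the class name SslCertificateCache, the Invalidate method and the subject parameter are hypothetical, and it makes no claim about whether instance members of X509Certificate are safe to call from several threads at once.

```csharp
using System;
using Microsoft.Web.Services2.Security.X509;

// Hypothetical helper class (the name is not from the original post).
public sealed class SslCertificateCache
{
    private static readonly object sync = new object();
    private static volatile X509Certificate cached;

    // subject: the value the post reads from Configuration.CertificateSubject.
    public static X509Certificate Get(string subject)
    {
        // Fast path: no lock once the certificate has been loaded.
        X509Certificate cert = cached;
        if (cert != null) return cert;

        lock (sync)
        {
            // Re-check under the lock so only one thread touches the store.
            if (cached == null)
                cached = LoadFromStore(subject);
            return cached;
        }
    }

    // Forces the next Get() to re-read the store, e.g. after a renewal.
    public static void Invalidate()
    {
        lock (sync) { cached = null; }
    }

    private static X509Certificate LoadFromStore(string subject)
    {
        X509CertificateStore store =
            X509CertificateStore.LocalMachineStore(X509CertificateStore.MyStore);
        if (!store.OpenRead())
            throw new InvalidOperationException("Cannot open the LocalMachine My store.");
        try
        {
            X509CertificateCollection matches =
                store.FindCertificateBySubjectString(subject);
            if (matches.Count == 0)
                throw new InvalidOperationException("No certificate for subject: " + subject);
            return matches[0];
        }
        finally { store.Close(); }
    }
}
```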






