fix[backend](cypherUtil): make key|iv derivation be local instead of static

Author: AlexSanchez-bit

backend/src/main/java/com/park/utmstack/util/CipherUtil.java

@@ -14,21 +14,32 @@
 
 public class CipherUtil {
     private static final String CLASSNAME = "CipherUtil";
-    private static SecretKeySpec secretKey;
-    private static IvParameterSpec iv;
     private static final String CIPHER_INSTANCE = "AES/CBC/PKCS5Padding";
+    private static final int ITERATION_COUNT = 65536;
+    private static final int KEY_LENGTH = 128;
 
-    private static void setKey(String myKey) throws Exception {
-        final String ctx = CLASSNAME + ".";
+    private static class CryptoContext {
+        final SecretKeySpec secretKey;
+        final IvParameterSpec iv;
+
+        CryptoContext(SecretKeySpec secretKey, IvParameterSpec iv) {
+            this.secretKey = secretKey;
+            this.iv = iv;
+        }
+    }
+
+    private static CryptoContext getCryptoContext(String myKey) throws Exception {
+        final String ctx = CLASSNAME + ".getCryptoContext";
         try {
             byte[] salt = myKey.getBytes(StandardCharsets.UTF_8);
             MessageDigest sha = MessageDigest.getInstance("SHA-1");
             salt = sha.digest(salt);
-            KeySpec spec = new PBEKeySpec(myKey.toCharArray(), salt, 65536, 128); // AES-256
+            KeySpec spec = new PBEKeySpec(myKey.toCharArray(), salt, ITERATION_COUNT, KEY_LENGTH);
             SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
             byte[] key = f.generateSecret(spec).getEncoded();
-            secretKey = new SecretKeySpec(key, "AES");
-            iv = new IvParameterSpec(Arrays.copyOf(salt, 16));
+            SecretKeySpec secretKey = new SecretKeySpec(key, "AES");
+            IvParameterSpec iv = new IvParameterSpec(Arrays.copyOf(salt, 16));
+            return new CryptoContext(secretKey, iv);
         } catch (Exception e) {
             throw new Exception(ctx + ": " + e.getMessage());
         }
@@ -37,9 +48,9 @@ private static void setKey(String myKey) throws Exception {
     public static String encrypt(String str, String secret) {
         final String ctx = CLASSNAME + ".encrypt";
         try {
-            setKey(secret);
+            CryptoContext context = getCryptoContext(secret);
             Cipher cipher = Cipher.getInstance(CIPHER_INSTANCE);
-            cipher.init(Cipher.ENCRYPT_MODE, secretKey, iv);
+            cipher.init(Cipher.ENCRYPT_MODE, context.secretKey, context.iv);
             return Base64.getEncoder().encodeToString(cipher.doFinal(str.getBytes(StandardCharsets.UTF_8)));
         } catch (Exception e) {
             throw new RuntimeException(ctx + ": " + e.getMessage());
@@ -49,9 +60,9 @@ public static String encrypt(String str, String secret) {
     public static String decrypt(String str, String secret) {
         final String ctx = CLASSNAME + ".decrypt";
         try {
-            setKey(secret);
+            CryptoContext context = getCryptoContext(secret);
             Cipher cipher = Cipher.getInstance(CIPHER_INSTANCE);
-            cipher.init(Cipher.DECRYPT_MODE, secretKey, iv);
+            cipher.init(Cipher.DECRYPT_MODE, context.secretKey, context.iv);
             return new String(cipher.doFinal(Base64.getDecoder().decode(str)));
         } catch (Exception e) {
             throw new RuntimeException(ctx + ": " + e.getMessage());