线性安全

• 静态变量：Java 中被 static 修饰的成员称为静态成员或类成员。它属于整个类所有，而不是某个对象所有，即被类的所有对象所共享。非线性安全。

public class ACSUtil {    private static final String  ALGORITHM= "DES";    private static final int KEY_SIZE = 128;    private static BASE64Encoder encoder;      private static BASE64Decoder decoder;      private static String seed ="HAIMGPLF";    private EncryptUtil() {    }      static {          encoder = new BASE64Encoder();          decoder = new BASE64Decoder();    }     /**     * 获取密钥     * @param seed 密钥种子     * @return     * @throws Exception     */    public static String getSecretKey(String seed) throws Exception {        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(ALGORITHM);          DESKeySpec keySpec = new DESKeySpec(seed.getBytes("UTF-8"));        SecretKey secretKey = keyFactory.generateSecret(keySpec);          return encoder.encode(secretKey.getEncoded());      }    /**      * 功能简述: 使用AES算法加密.      * @param plainData 明文数据      * @param key   密钥      * @return      * @throws Exception      */      public static byte[] encrypt(byte[] plainData) throws Exception {          try {            String key = getSecretKey(seed);            Key k = toKey(decoder.decodeBuffer(key));                    byte[] raw = k.getEncoded();                    SecretKeySpec secretKeySpec = new SecretKeySpec(raw, ALGORITHM);                     Cipher cipher = Cipher.getInstance(ALGORITHM);                     cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);            return cipher.doFinal(plainData);        } catch (Exception e) {            e.printStackTrace();            System.out.println("加密错误"+e.getMessage());            throw new Exception("加密错误",e);        }    }    /**      * 功能简述: 使用AES算法加密.      * @param plainData 明文数据      * @param key   密钥      * @return      * @throws Exception      */      public static String encryptHex(String plainDataStr) throws Exception {          byte[] plainData = plainDataStr.getBytes();//hex2byte(plainDataHex);        byte[] plainDataE = encrypt(plainData);        return byte2hex(plainDataE);    }    private static Key toKey(byte[] key) throws Exception {                SecretKey secretKey = new SecretKeySpec(key, ALGORITHM);                return secretKey;    }    /**      * 功能简述: 使用AES算法解密.      * @param cipherData    密文数据      * @param key   密钥      * @return      * @throws Exception      */      public static byte[] decrypt(byte[] plainDataE) throws Exception {          Key k = toKey(decoder.decodeBuffer(getSecretKey(seed)));                byte[] raw = k.getEncoded();                 SecretKeySpec secretKeySpec = new SecretKeySpec(raw, ALGORITHM);                 Cipher cipher = Cipher.getInstance(ALGORITHM);                 cipher.init(Cipher.DECRYPT_MODE, secretKeySpec);                return cipher.doFinal(plainDataE);    }    /**      * 功能简述: 使用AES算法解密.      * @param cipherData    密文数据      * @param key   密钥      * @return      * @throws Exception      */      public static String decryptHex(String plainDataStr) throws Exception {        byte[] plainDataE = hex2byte(plainDataStr);        byte[] plainData = decrypt(plainDataE);        return new String(plainData);    }    /**     * <p>将byte[]转换成十六进制字符串</p>     * @param 待转换的数据     * @return 十六进制字符串（格式如0xF10x010x22）     */    public static String byte2hex(byte[] b) {        String hs="";        String stmp="";        for (int n=0;n<b.length;n++) {            stmp=(java.lang.Integer.toHexString(b[n] & 0xFF));            if (stmp.length()==1){                stmp="0"+stmp;            }            hs += "0x" + stmp;        }        return hs;    }    /**     * <p>将十六进制字符串转换成byte数组</p>     * @param s 十六进制字符串     * @return byte数组     */    public static byte[] hex2byte(String s) {        byte[] ret = null;        String[] ary = s.split("0x");        int idx = 0;        int length =0;        for(int i=0; i<ary.length; i++){            if(!ary[i].trim().equals("")){                length ++;            }        }        ret = new byte[length];        for(int i=0; i<ary.length; i++){            if(!ary[i].trim().equals("")){                int d = Integer.parseInt(ary[i], 16);                ret[idx++] = (byte)d;            }        }        return ret;    }} 

在高并发的时候调用此类进行加密解密，线性不安全，需要在相关加密解密方法加上synchronized修饰，或者将相关静态变量变为局部变量。