From d2c7c8be3e3be75bd4e08bf506f04dbb85026abe Mon Sep 17 00:00:00 2001
From: mkienenb <mkienenb@gmail.com>
Date: Tue, 19 Apr 2016 13:40:15 -0400
Subject: [PATCH] support separate logger for sensitive information

---
 src/main/java/net/authorize/util/HttpUtility.java | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/main/java/net/authorize/util/HttpUtility.java b/src/main/java/net/authorize/util/HttpUtility.java
index ad43a25d..b40de611 100644
--- a/src/main/java/net/authorize/util/HttpUtility.java
+++ b/src/main/java/net/authorize/util/HttpUtility.java
@@ -34,7 +34,11 @@
  */
 public final class HttpUtility {
 
-	private static Log logger = LogFactory.getLog(HttpUtility.class);	
+    private static class Sensitive {}
+
+    private static Log loggerSensitive = LogFactory.getLog(Sensitive.class);
+
+    private static Log logger = LogFactory.getLog(HttpUtility.class);   
 
 	static int httpConnectionTimeout = Environment.getIntProperty(Constants.HTTP_CONNECTION_TIME_OUT);
 	static int httpReadTimeout = Environment.getIntProperty(Constants.HTTP_READ_TIME_OUT);
@@ -68,7 +72,7 @@ static HttpPost createPostRequest(Environment env, ANetApiRequest request) throw
 
 		if(null != request) {
 			  postUrl = new URI(env.getXmlBaseUrl() + "/xml/v1/request.api");
-			  logger.debug(String.format("MerchantInfo->LoginId/TransactionKey: '%s':'%s'", request.getMerchantAuthentication().getName(), request.getMerchantAuthentication().getTransactionKey() ));
+			  loggerSensitive.debug(String.format("MerchantInfo->LoginId/TransactionKey: '%s':'%s'", request.getMerchantAuthentication().getName(), request.getMerchantAuthentication().getTransactionKey() ));
 			  logger.debug(String.format("Posting request to Url: '%s'", postUrl));
 			  httpPost = new HttpPost(postUrl);
               httpPost.getParams().setBooleanParameter(CoreProtocolPNames.USE_EXPECT_CONTINUE, false);
@@ -81,7 +85,7 @@ static HttpPost createPostRequest(Environment env, ANetApiRequest request) throw
 			  httpPost.setHeader("Content-Type", "text/xml; charset=utf-8");
 			  
 			  String xmlRequest = XmlUtility.getXml(request);
-			  logger.debug(String.format("Request: '%s%s%s'", LogHelper.LineSeparator, xmlRequest, LogHelper.LineSeparator));
+			  loggerSensitive.debug(String.format("Request: '%s%s%s'", LogHelper.LineSeparator, xmlRequest, LogHelper.LineSeparator));
 			  httpPost.setEntity(new StringEntity(xmlRequest, HTTP.UTF_8));
 		}