// Tests for oatpp-authkit/util/ConstantTime.hpp (authkit#16 L-7).
// Verifies functional correctness; timing-invariance is a property of the
// branch-free implementation, not asserted here.

#include "oatpp-authkit/util/ConstantTime.hpp"

#include <cstdio>
#include <string>

namespace {

int g_failures = 0;
#define REQUIRE(expr) do {                                                   \
    if (!(expr)) {                                                           \
        std::fprintf(stderr, "FAIL %s:%d  %s\n", __FILE__, __LINE__, #expr); \
        ++g_failures;                                                        \
    }                                                                        \
} while (0)

using namespace oatpp_authkit;

void test_constant_time_equals() {
    REQUIRE(constantTimeEquals("", ""));
    REQUIRE(constantTimeEquals("abc", "abc"));
    REQUIRE(constantTimeEquals(std::string(64, 'a'), std::string(64, 'a')));

    REQUIRE(!constantTimeEquals("abc", "abd"));      // differ at last byte
    REQUIRE(!constantTimeEquals("abc", "xbc"));      // differ at first byte
    REQUIRE(!constantTimeEquals("abc", "ab"));       // length mismatch (prefix)
    REQUIRE(!constantTimeEquals("ab", "abc"));
    REQUIRE(!constantTimeEquals("", "a"));

    // Embedded NUL handled (string-length aware, not C-string).
    REQUIRE(constantTimeEquals(std::string("a\0b", 3), std::string("a\0b", 3)));
    REQUIRE(!constantTimeEquals(std::string("a\0b", 3), std::string("a\0c", 3)));
}

} // namespace

int main() {
    test_constant_time_equals();
    std::printf("%s (%d failures)\n", g_failures ? "FAIL" : "OK", g_failures);
    return g_failures ? 1 : 0;
}