+ cr->cr_next = *cr_list;
+ *cr_list = cr;
+ }
+ return LDAP_SUCCESS;
+}
+
+/*
+ * If there is '.' in the name of a given attribute
+ * the first '.'- following characters are considered
+ * as a component reference of the attribute
+ * EX) userCertificate.toBeSigned.serialNumber
+ * attribute : userCertificate
+ * component reference : toBeSigned.serialNumber
+ */
+int
+is_component_reference( char* attr ) {
+ int i;
+ for ( i=0; attr[i] != '\0' ; i++ ) {
+ if ( attr[i] == '.' ) return (1);
+ }
+ return (0);
+}
+
+int
+extract_component_reference(
+ char* attr,
+ ComponentReference** cr )
+{
+ int i, rc;
+ char* cr_ptr;
+ int cr_len;
+ ComponentAssertionValue cav;
+ char text[1][128];
+
+ for ( i=0; attr[i] != '\0' ; i++ ) {
+ if ( attr[i] == '.' ) break;
+ }
+
+ if (attr[i] != '.' ) return LDAP_PARAM_ERROR;
+ attr[i] = '\0';
+
+ cr_ptr = attr + i + 1 ;
+ cr_len = strlen ( cr_ptr );
+ if ( cr_len <= 0 ) return LDAP_PARAM_ERROR;
+
+ /* enclosed between double quotes*/
+ cav.cav_ptr = cav.cav_buf = ch_malloc (cr_len+2);
+ memcpy( cav.cav_buf+1, cr_ptr, cr_len );
+ cav.cav_buf[0] = '"';
+ cav.cav_buf[cr_len+1] = '"';
+ cav.cav_end = cr_ptr + cr_len + 2;
+
+ rc = get_component_reference ( NULL, &cav, cr, (const char**)text );
+ if ( rc != LDAP_SUCCESS ) return rc;
+ (*cr)->cr_string.bv_val = cav.cav_buf;
+ (*cr)->cr_string.bv_len = cr_len + 2;
+
+ return LDAP_SUCCESS;
+}
+
+static int
+get_ca_use_default( Operation *op,
+ ComponentAssertionValue* cav,
+ int* ca_use_def, const char** text )
+{
+ strip_cav_str( cav, "useDefaultValues" );
+
+ if ( peek_cav_str( cav, "TRUE" ) == LDAP_SUCCESS ) {
+ strip_cav_str( cav, "TRUE" );