@maximsemenov80

This pull request introduces support for certificate signing requests (CSR) to enable X.509 certificate renewal for devices in the Azure IoT Hub device SDK. The main changes include new request and response types, updates to the API version, and the addition of a new asynchronous method for sending certificate signing requests. The implementation is currently stubbed out in the MQTT transport handler, with validation and error handling in place.

Certificate Signing Request Support

  • Added new types: CertificateSigningRequest, CertificateSigningResponse, and CertificateAcceptedResponse for representing the CSR protocol request and responses. Also added CredentialErrorResponse and CredentialOperationException for error handling. [1] [2] [3] [4] [5]
  • Updated the latest API version in ClientApiVersionHelper.cs to 2025-08-01-preview to enable CSR support.

SDK API Changes

  • Added SendCertificateSigningRequestAsync to DeviceClient and InternalClient with full documentation, validation, and error handling for sending CSRs and receiving certificates. [1] [2]
  • Extended the pipeline and handler interfaces/classes (IDelegatingHandler, DefaultDelegatingHandler) to support the new CSR method. [1] [2]

Transport Layer Updates

  • Stubbed out the CSR method in MQTT transport handler with protocol topic constants and a placeholder implementation. [1] [2]
  • Added explicit NotSupportedException for CSR methods in AMQP and HTTP transport handlers to restrict the operation to MQTT only. [1] [2]

These changes lay the foundation for certificate renewal via MQTT and provide robust error handling and validation for the new credential management workflow.

@maximsemenov80
Author

maximsemenov80 commented Jan 26, 2026

$"{nameof(request)}.{nameof(request.Csr)}");
}

if (!IsValidBase64(request.Csr))
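
Review bot: On `if (!IsValidBase64(request.Csr))`, the check only establishes that the string is Base64, not that the decoded bytes are a certificate signing request. If that is the intended scope, say so in the method documentation or in a comment at this line, so callers do not read a passing check as CSR validation. Please also state whether the helper accepts embedded line breaks or PEM header lines, since the visible lines do not show how such input is treated.
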
Contributor

Instead of creating a new function could we just call TryFromBase64String?

https://learn.microsoft.com/en-us/dotnet/api/system.convert.tryfrombase64string?view=net-10.0

Author

@maximsemenov80 maximsemenov80 Jan 27, 2026

There are a number of convenient standard methods (e.g., Base64.IsValid()) available in newer .NET, but we have the older net472 as a target platform, which prevents us from using all the newer APIs, including your suggestion. We could use conditional compilation here, but this check runs once per CSR request, which is not frequent by definition, so all the potential performance gains are not worth the code readability degradation and maintenance complications.
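
An added illustration of the trade-off discussed in this thread, not code from the pull request or the SDK: two Base64 checks that use only APIs available on net472, one strict and one that defers to `Convert.FromBase64String`. The class and method names (`Base64Check`, `IsStrictBase64`, `IsLenientBase64`) are hypothetical, and the sample strings are constructed.

```csharp
using System;

// Added illustration; Base64Check and its methods are hypothetical names,
// not the IsValidBase64 helper from the pull request.
public static class Base64Check
{
    // Strict: standard alphabet, no whitespace, length a multiple of 4,
    // '=' only as the final one or two characters. Compiles for net472.
    public static bool IsStrictBase64(string value)
    {
        if (string.IsNullOrEmpty(value) || value.Length % 4 != 0)
            return false;

        int padding = 0;
        if (value[value.Length - 1] == '=')
            padding = value[value.Length - 2] == '=' ? 2 : 1;

        for (int i = 0; i < value.Length - padding; i++)
        {
            char c = value[i];
            bool inAlphabet = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')
                || (c >= '0' && c <= '9') || c == '+' || c == '/';
            if (!inAlphabet)
                return false;
        }
        return true;
    }

    // Lenient: whatever Convert.FromBase64String accepts, which includes
    // embedded whitespace such as line breaks. Allocates the decoded bytes.
    public static bool IsLenientBase64(string value)
    {
        if (string.IsNullOrEmpty(value))
            return false;
        try { Convert.FromBase64String(value); return true; }
        catch (FormatException) { return false; }
    }

    public static void Main()
    {
        // Constructed samples, not real CSR data.
        string[] samples = { "TUlJQg==", "TUlJ\nQg==", "TUlJQg=", "-----BEGIN CERTIFICATE REQUEST-----" };
        foreach (string s in samples)
            Console.WriteLine("{0,-40} strict={1} lenient={2}",
                s.Replace("\n", "\\n"), IsStrictBase64(s), IsLenientBase64(s));
    }
}
```

Either check only confirms the encoding; neither establishes that the decoded bytes are a well-formed CSR.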
