From 406cc7cac6fcef623088d75feefd8f80daecdfdd Mon Sep 17 00:00:00 2001 From: Oscar Virot Date: Fri, 21 Mar 2025 17:08:43 +0100 Subject: [PATCH 1/3] CSR requires 5.3.0 to get metadata --- .../PIV/BuildYubiKeyPIVCertificateSigningRequest.cs | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/Module/Cmdlets/PIV/BuildYubiKeyPIVCertificateSigningRequest.cs b/Module/Cmdlets/PIV/BuildYubiKeyPIVCertificateSigningRequest.cs index ac26e3a..d7717dd 100644 --- a/Module/Cmdlets/PIV/BuildYubiKeyPIVCertificateSigningRequest.cs +++ b/Module/Cmdlets/PIV/BuildYubiKeyPIVCertificateSigningRequest.cs @@ -65,7 +65,13 @@ protected override void ProcessRecord() CertificateRequest request; X509SignatureGenerator signer; - // get the metadata catch if fails + // This is only supported on firmware 5.3.0 and newer. + if (((YubiKeyDevice)YubiKeyModule._yubikey!).FirmwareVersion < new FirmwareVersion(5, 3, 0)) + { + throw new NotSupportedException("This feature requires firmware version 5.3.0 or newer."); + } + + // get the metadata catch if fails PivMetadata? metadata = null; PivPublicKey? publicKey = null; try From 32f3bb79fdf759619a5b2be0bb1e88fbf500c878 Mon Sep 17 00:00:00 2001 From: Oscar Virot Date: Sun, 23 Mar 2025 10:33:47 +0100 Subject: [PATCH 2/3] Build-YubiKeyPIVCertificateSigningRequest should return a System.Security.Cryptography.X509Certificates.CertificateRequest unless a File or PEMEncoding was requested --- Module/Cmdlets/PIV/BuildYubiKeyPIVCertificateSigningRequest.cs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Module/Cmdlets/PIV/BuildYubiKeyPIVCertificateSigningRequest.cs b/Module/Cmdlets/PIV/BuildYubiKeyPIVCertificateSigningRequest.cs index d7717dd..e6bc553 100644 --- a/Module/Cmdlets/PIV/BuildYubiKeyPIVCertificateSigningRequest.cs +++ b/Module/Cmdlets/PIV/BuildYubiKeyPIVCertificateSigningRequest.cs 
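Review bot: The added firmware guard in PATCH 1/3 dereferences `YubiKeyModule._yubikey!` and hard-casts it to `YubiKeyDevice`. If no key is connected, or the field holds another device implementation, the caller gets a NullReferenceException or InvalidCastException rather than the intended NotSupportedException. If `_yubikey` is declared as `IYubiKeyDevice` (not visible in this hunk), the cast can be dropped and the check can name the capability instead of a version number: `if (!YubiKeyModule._yubikey.HasFeature(YubiKeyFeature.PivMetadata))`, preceded by an explicit null check that throws a clear "no YubiKey connected" error. ProcessRecord starts and ends outside the hunk, so an earlier connection check may already cover the null case.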
@@ -168,7 +168,8 @@ protected override void ProcessRecord() } else { - WriteObject(requestSigned); + var csrObject = CertificateRequest.LoadSigningRequestPem(pemData.AsSpan(), HashAlgorithm, CertificateRequestLoadOptions.UnsafeLoadCertificateExtensions); + WriteObject(csrObject); } } WriteDebug("ProcessRecord in New-YubikeyPIVCSR"); From 522c9e81be8499088e99b1563cbb6042e4aa9d82 Mon Sep 17 00:00:00 2001 From: Oscar Virot Date: Sun, 23 Mar 2025 10:48:54 +0100 Subject: [PATCH 3/3] Lint fix --- Module/Cmdlets/PIV/BuildYubiKeyPIVCertificateSigningRequest.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Module/Cmdlets/PIV/BuildYubiKeyPIVCertificateSigningRequest.cs b/Module/Cmdlets/PIV/BuildYubiKeyPIVCertificateSigningRequest.cs index e6bc553..501d38a 100644 --- a/Module/Cmdlets/PIV/BuildYubiKeyPIVCertificateSigningRequest.cs +++ b/Module/Cmdlets/PIV/BuildYubiKeyPIVCertificateSigningRequest.cs @@ -70,7 +70,7 @@ protected override void ProcessRecord() { throw new NotSupportedException("This feature requires firmware version 5.3.0 or newer."); } - + // get the metadata catch if fails PivMetadata? metadata = null; PivPublicKey? publicKey = null;
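Review bot: The `LoadSigningRequestPem` call added in PATCH 2/3 passes `CertificateRequestLoadOptions.UnsafeLoadCertificateExtensions` with no comment saying why the unsafe option is acceptable here. That option copies the requested extensions into the returned object without validation, which is only reasonable because `pemData` appears to be the PEM this cmdlet has just generated (its construction is outside the hunk). I would say so on the line above, e.g. `// pemData was built by this cmdlet, so its extension requests are trusted; never use this option for externally supplied CSRs.` The pipeline output also changes type to `CertificateRequest`, so any `[OutputType]` declaration and the help text outside this hunk should be updated to match.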