[Bug]: Device attestation validation returns 500 for invalid CBOR payload

Open basovnik opened this issue 1 year ago • 0 comments

Steps to Reproduce

  • Fake reproducer: Configure an empty JSON in the payload part of the JWK for the /acme/acme/challenge/... HTTP call.
  • Real reproducer: Try to generate a device certificate using device attestation on macOS 15 Beta with an Intel processor with the profile configuration attribute HardwareBound=false (link).

Your Environment

  • OS - macOS 15 Beta
  • step-ca Version - v0.26.2
  • Intel processor
  • HardwareBound=false

Expected Behavior

The server should return a client error -> status 400.

Actual Behavior

The server returns internal error -> status 500.

Unexpected error: error validating challenge: error unmarshalling CBOR: EOF

Log message:

ERRO[6548] duration=33.057877ms duration-ns=33057877 error="error validating challenge: error unmarshalling CBOR: EOF" fields.time="2024-06-26T11:16:32+02:00" method=POST name=ca nonce=eHpuMGRaMlpMa3BoU0JUcDJwWnZSeVprRE44QmJ3Y1c path=/acme/acme/challenge/6zzEABv1oqdHExiAETjjR0RHVnD4hwVP/P9STwds3QRTt5CQhMCjU3ij4Uxs5cN6W protocol=HTTP/1.1 referer= remote-address=127.0.0.1 request-id=2dfcf8a3-c285-4fd0-80d5-9efc05688c82 response="{\"type\":\"urn:ietf:params:acme:error:serverInternal\",\"detail\":\"The server experienced an internal error\"}" size=105 status=500 user-agent="Apache-HttpClient/4.5.13 (Java/17.0.4)" user-id=

Additional Context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

basovnik, Jun 26 '24 09:06
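The behaviour the report asks for, as an added example in Go (not step-ca's code): every decode failure of the client-supplied attestation payload is tagged as a client error and answered with 400, and 500 is kept for everything else. The `attObj` field name, the `decodeMapHead` stand-in for a real CBOR decoder, and the choice of the RFC 8555 `malformed` problem type are assumptions of this sketch.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// clientError marks a failure caused by the request body, not by the server.
type clientError struct{ err error }
func (e clientError) Error() string { return e.err.Error() }

// decodeMapHead stands in for a real CBOR decoder (assumption): it only checks for a top-level map.
func decodeMapHead(b []byte) error {
	if len(b) == 0 {
		return io.EOF // empty input, the "EOF" in the issue's log
	}
	if b[0]>>5 != 5 { // CBOR major type 5 is a map
		return fmt.Errorf("unexpected CBOR major type %d", b[0]>>5)
	}
	return nil
}

// parseAttestation wraps every decode failure of client input as clientError.
func parseAttestation(payload []byte) error {
	var p struct{ AttObj string `json:"attObj"` }
	if err := json.Unmarshal(payload, &p); err != nil {
		return clientError{fmt.Errorf("error unmarshalling JSON: %w", err)}
	}
	raw, err := base64.RawURLEncoding.DecodeString(p.AttObj)
	if err != nil {
		return clientError{fmt.Errorf("error decoding attObj: %w", err)}
	}
	if err := decodeMapHead(raw); err != nil {
		return clientError{fmt.Errorf("error unmarshalling CBOR: %w", err)}
	}
	return nil
}

// statusFor picks the HTTP status and ACME problem type for a non-nil error.
func statusFor(err error) (int, string) {
	if errors.As(err, new(clientError)) {
		return 400, "urn:ietf:params:acme:error:malformed"
	}
	return 500, "urn:ietf:params:acme:error:serverInternal"
}

func main() { fmt.Println(statusFor(parseAttestation([]byte(`{}`)))) } // constructed empty payload
```

The constructed `{}` payload mirrors the fake reproducer: it decodes to zero bytes, hits the EOF path, and is classified as a 400 instead of `serverInternal`.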