[webcrypto] Properly fail-fast when importing RSA key as JWK with bad usages.

content/child/webcrypto/nss/rsa_key_nss.cc

Index: content/child/webcrypto/nss/rsa_key_nss.cc
diff --git a/content/child/webcrypto/nss/rsa_key_nss.cc b/content/child/webcrypto/nss/rsa_key_nss.cc
index 370bdb2f81cffd0a61e99dc77ab7a1c7cdb4fcaf..f9619a62a16642bfeb5e5422dd75eccef6b09a9f 100644
--- a/content/child/webcrypto/nss/rsa_key_nss.cc
+++ b/content/child/webcrypto/nss/rsa_key_nss.cc
@@ -612,8 +612,16 @@ Status RsaHashedAlgorithm::VerifyKeyUsagesBeforeImportKey(
     case blink::WebCryptoKeyFormatPkcs8:
       return CheckKeyCreationUsages(all_private_key_usages_, usages);
     case blink::WebCryptoKeyFormatJwk:
-      return CheckKeyCreationUsages(
-          all_public_key_usages_ | all_private_key_usages_, usages);
+      // The JWK could represent either a public key or private key. The usages
+      // must make sense for one of the two. The usages will be checked again by
+      // ImportKeyJwk() once the key type has been determined.
+      if (CheckKeyCreationUsages(all_private_key_usages_, usages)
+              .IsSuccess() ||
+          CheckKeyCreationUsages(all_public_key_usages_, usages)
+              .IsSuccess()) {
+        return Status::Success();
+      }
+      return Status::ErrorCreateKeyBadUsages();
     default:
       return Status::ErrorUnsupportedImportKeyFormat();
   }