[webcrypto] Properly fail-fast when importing RSA key as JWK with bad usages.

content/child/webcrypto/openssl/rsa_key_openssl.cc

Index: content/child/webcrypto/openssl/rsa_key_openssl.cc
diff --git a/content/child/webcrypto/openssl/rsa_key_openssl.cc b/content/child/webcrypto/openssl/rsa_key_openssl.cc
index 4d01c8eda2ea8057124c88ac2c3500163f914eff..554b55c726857846d1b07a4fede0863dc5f622e7 100644
--- a/content/child/webcrypto/openssl/rsa_key_openssl.cc
+++ b/content/child/webcrypto/openssl/rsa_key_openssl.cc
@@ -319,9 +319,16 @@ Status RsaHashedAlgorithm::VerifyKeyUsagesBeforeImportKey(
     case blink::WebCryptoKeyFormatPkcs8:
       return CheckKeyCreationUsages(all_private_key_usages_, usages);
     case blink::WebCryptoKeyFormatJwk:
-      // TODO(eroman): http://crbug.com/395904
-      return CheckKeyCreationUsages(
-          all_public_key_usages_ | all_private_key_usages_, usages);
+      // The JWK could represent either a public key or private key. The usages
+      // must make sense for one of the two. The usages will be checked again by
+      // ImportKeyJwk() once the key type has been determined.
+      if (CheckKeyCreationUsages(all_private_key_usages_, usages)
+              .IsSuccess() ||
+          CheckKeyCreationUsages(all_public_key_usages_, usages)
+              .IsSuccess()) {
+        return Status::Success();
+      }
+      return Status::ErrorCreateKeyBadUsages();
     default:
       return Status::ErrorUnsupportedImportKeyFormat();
   }