c05fdf790c
The checksum validation logic, which was updated early on in the whole process of deprecating md5, didn't account for a URL *or* a longer checksum (i.e. sha256/sha512) which was decided while the overall approach was being decided. Fixes the logic, and adds additional tests. Change-Id: Ic4053776e131fc02ace295a1e69e9f9faab47f42