I am a little bit confused. I want to get the bytes of an String, which is hashed with SHA1.

JavaScript:

var content = "somestring";
console.warn(content.getBytes().toString());
console.warn(CryptoJS.SHA1(content.getBytes().toString()).toString().getBytes());

String.prototype.getBytes = function () {
var bytes = [];
for (var i = 0; i < this.length; i++){
    bytes.push(this.charCodeAt(i));
}
return bytes;
};

Array.prototype.toString = function(){
var result = "";
for(var i = 0; i < this.length; i++){
    result += this[i].toString();
}
return result;
}

which gives me

115111109101115116114105110103
[52, 99, 97, 54, 48, 56, 99, 51, 53, 54, 102, 54, 48, 53, 50, 49, 99, 51, 49, 51, 49, 100, 49, 97, 54, 55, 57, 55, 56, 55, 98, 52, 52, 52, 99, 55, 57, 102, 54, 101]

Java:

String message = "somestring";
byte[] sha1 = MessageDigest.getInstance("SHA1").digest(message.getBytes());
System.out.println(Arrays.toString(message.getBytes()));
System.out.println(Arrays.toString(sha1));
System.out.println(new String(sha1));

which gives me

[115, 111, 109, 101, 115, 116, 114, 105, 110, 103]
[-38, 99, -5, 105, -82, -80, 60, 119, 107, -46, 62, -111, -30, -63, -53, 61, -13, 1, 53, -45]
Úcûi®°<wkÒ>‘âÁË=ó5Ó

The first output is equal on JavaScript and Java, but the second is different. Why and how is a checksum like Úcûi®°<wkÒ>‘âÁË=ó5Ó possible?

Here's the solution:

Javascript:

key = 'testKey';
var hashedKey = CryptoJS.SHA1(key);
console.log(hashedKey);

Output: 2420e186fcdb8d0ea08d82fdfbfb8722d6cbf606

Java:

password="testKey";
final MessageDigest md = MessageDigest.getInstance("SHA1");
ByteArrayOutputStream pwsalt = new ByteArrayOutputStream();
pwsalt.write(password.getBytes("UTF-8"));
byte[] unhashedBytes = pwsalt.toByteArray();
byte[] digestVonPassword = md.digest(unhashedBytes);
System.out.println(bytesToHex(digestVonPassword));

Output: 2420E186FCDB8D0EA08D82FDFBFB8722D6CBF606

With the exceptions of capital vs. lowercase, the output is the same. It's in hex, by the way.

In your JavaScript you're doing a SHA-1 on a String which is the numbers from a byte Array (so is different to your String content).

console.warn(CryptoJS.SHA1(content.getBytes().toString()).toString().getBytes());
//                                              ^^

In your Java, you're doing a SHA-1 on a byte[] (which is equivalent to your String content)

byte[] sha1 = MessageDigest.getInstance("SHA1").digest(message.getBytes());
//                                                                ^^

Your toString is creating a very different piece of data to what you're SHA-1-ing in Java.

Also (not sure if relevant): internally, JavaScript uses UTF-16 for Strings.

Further, the logged output of your JavaScript cannot be a SHA-1 as it is the wrong length; this is due to .toString().getBytes() repeated on the sha1 after it's been calculated (Stephen C mentions this in this comment).

I found this library. It produces same values as Java

https://caligatio.github.io/jsSHA/