I came across this question when attempting to find out the exact same thing. I later worked out how to do it, so figured I'd post the answer here.

我在试图找出完全相同的东西时遇到了这个问题。后来我想出了怎么做，所以想我会在这里发布答案。

The things that need to happen are:

需要发生的事情是：

• canonicalization
• create digest value, typically SHA1 (but could be SHA256 amongst others)
• base64 encode it

• 规范化
• 创建摘要值，通常是 SHA1（但也可能是 SHA256）
• base64 编码

The canonicalization part was fairly simple, as the Java libraries did that for me. What I struggled with was the next bit, the creating of the digest, because I made a fatal error in that the SHA1 digest I generated was the SHA1 in HEX form. SHA1 is 160 bits, so 20 bytes, but if you output these 160 bits in HEX, you get 40 characters. If you then base64 encode that, you get totally the wrong valuecompared to what should be in the DigestValue.

规范化部分相当简单，因为 Java 库为我做了这件事。我挣扎的是下一点，即摘要的创建，因为我犯了一个致命错误，因为我生成的 SHA1 摘要是十六进制形式的 SHA1。SHA1 是 160 位，所以是 20 字节，但是如果你以十六进制输出这 160 位，你会得到 40 个字符。如果然后对它进行 base64 编码，则与 DigestValue 中的值相比，您会得到完全错误的值。

Instead, you should generate the SHA1 digest and base64 encode the 20 byte output. Don't try to output the 20 bytes to STDOUT as it's highly unlikely to be readable (which is why people often output the HEX equivalent, since it isreadable). Instead, just base64 encode the 20 bytes and that's your DigestValue.

相反，您应该生成 SHA1 摘要并对 20 字节输出进行 base64 编码。不要尝试将 20 个字节输出到 STDOUT，因为它不太可能是可读的（这就是为什么人们经常输出等效的十六进制，因为它是可读的）。相反，只需对 20 个字节进行 base64 编码，这就是您的 DigestValue。

Is very simple, use openssl in the console:

很简单，在控制台中使用openssl：

openssl dgst -binary -sha1 file | openssl enc -base64

openssl dgst -binary -sha1 文件 | openssl enc -base64

Done

完毕

This is a JAVA solution which requires the following jars:

这是一个 JAVA 解决方案，需要以下 jars：

• commons-logging-1.2.jar
• commons-codec-1.6.jar
• Saxon-HE-9.4.jar
• xmlsec-1.3.0.jar

• commons-logging-1.2.jar
• commons-codec-1.6.jar
• Saxon-HE-9.4.jar
• xmlsec-1.3.0.jar

This solution uses http://www.w3.org/2001/10/xml-exc-c14n#as the canonicalization algorithm, and uses SHA256as the hashing algorithm and base64 encoding.

该方案http://www.w3.org/2001/10/xml-exc-c14n#用作规范化算法，SHA256用作散列算法和base64编码。

Note: documentrepresents the XML document as a DOM object in JAVA.

注意：document在 JAVA 中将 XML 文档表示为 DOM 对象。

Code sample:

代码示例：

        // create the transformer in order to transform the document from
        // DOM Source as a JAVA document class, into a character stream (StreamResult) of
        // type String writer, in order to be converted to a string later on
        TransformerFactory tf = new net.sf.saxon.TransformerFactoryImpl();
        Transformer transformer = tf.newTransformer();
        transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        transformer.setOutputProperty(OutputKeys.METHOD, "xml");
        transformer.setOutputProperty(OutputKeys.ENCODING, "UTF-8");

        // create the string writer and transform the document to a character stream
        StringWriter sw = new StringWriter();
        transformer.transform(new DOMSource(document), new StreamResult(sw));

        String documentAsString = sw.toString();

        // initialize the XML security object, which is necessary to run the apache canonicalization
        com.sun.org.apache.xml.internal.security.Init.init();

        // canonicalize the document to a byte array and convert it to string
        Canonicalizer canon = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        byte canonXmlBytes[] = canon.canonicalize(documentAsString.getBytes());
        String canonXmlString = new String(canonXmlBytes);

        // get instance of the message digest based on the SHA-256 hashing algorithm
        MessageDigest digest = MessageDigest.getInstance("SHA-256");

        // call the digest method passing the byte stream on the text, this directly updates the message
        // being digested and perform the hashing
        byte[] hash = digest.digest(canonXmlString.getBytes(StandardCharsets.UTF_8));

        // encode the endresult byte hash
        byte[] encodedBytes = Base64.encodeBase64(hash);

        return new String(encodedBytes);

I have encountered exactly this problem myself: I was generating an XML signature in Java & validating in .NET, and the validation always failed. In my case the cause was the 'print XML to file' function XMLWrite.m (yes, in MATLAB*) which was 'pretty printing' the XML, inserting tabs, spaces, and newlines as it saw fit. Since these are part of the document, naturally the validation failed (it failed in Java, too). Looking at your source, this may be happening to you. Use a Transformer (javax.xml.transform.*) to serialise your DOM properly without changing the content.

我自己也遇到过这个问题：我在 Java 中生成 XML 签名并在 .NET 中验证，但验证总是失败。在我的例子中，原因是“将 XML 打印到文件”函数 XMLWrite.m（是的，在 MATLAB* 中）它“漂亮地打印”了 XML，插入了它认为合适的制表符、空格和换行符。由于这些是文档的一部分，自然验证失败（在 Java 中也失败）。查看您的消息来源，这可能发生在您身上。使用 Transformer (javax.xml.transform.*) 在不更改内容的情况下正确序列化 DOM。

*You did know that MATLAB understands Java as well? You can just type Java statements into the interpreter console & they will be executed like native m-code.

*您知道 MATLAB 也能理解 Java 吗？您只需在解释器控制台中输入 Java 语句，它们就会像本机 m 代码一样执行。