I feel this behavior would break the signature verification if I receive a signed document from a person not using apache library. Has the current implementation been tested for interoperability?
While I agree it's not the most beautiful solutions I am afraid there's no other easy way to do it. Please read the comments around the "circumventBug????". It's a Xerces issue that they classified as "won't fix" a while ago.
Take a look at the InteropTests.. there are extensive interop tests between all sorts of implementations.. certainly the verification of documents signed by other implementations.
