If an element has more than 23 attributes, an xml signature over that element will fail to
validate. Instead an ArrayIndexOutOfBoundsException will be thrown. This is due to a bug
in the underlying Apache canonicalization implementaion. It has been fixed in later releases
of the Apache XMLSec libraries (1.4 and up), but JDK 6 is based on 1.3.1 and thus this bug
should be fixed/backported.
This was reported by a user who was trying to validate a signed ODT (Open Office) document.
See the Java Forum for more information: http://forum.java.sun.com/thread.jspa?threadID=5271276