I am running into an issue when uploading a macOS .pkg file to my MDM server. I finally found that the issue happens when using "com.sprylab.xar:xar" to unarchive the .pkg: the "Distribution" file extracted from the .pkg is not in the correct format. It should be an XML file, but what I get is a binary data file.
The PKGs which run into this issue are all signed Apple Software, such as Provisioning Utility 2.1.0.pkg and macOSDeveloperBetaAccessUtility.pkg. We can use the "pkgutil --check-signature" command to check the signing cert chain:
pkgutil --check-signature Provisioning\ Utility\ 2.1.0.pkg
Package "Provisioning Utility 2.1.0.pkg":
Status: signed Apple Software
Certificate Chain:
1. Software Update
Expires: 2029-04-14 21:28:23 +0000
SHA256 Fingerprint:
E0 74 D2 04 AC 24 98 E9 DC 90 4A 7B C7 CE D8 46 41 19 B7 9D 05 66
80 28 92 05 83 B1 E8 96 EB B4
------------------------------------------------------------------------
2. Apple Software Update Certification Authority
Expires: 2031-10-15 00:00:00 +0000
SHA256 Fingerprint:
12 99 E9 BF E7 76 A2 9F F4 52 F8 C4 F5 E5 5F 3B 4D FD 29 34 34 9D
D1 85 0B 82 74 F3 5C 71 74 5C
------------------------------------------------------------------------
3. Apple Root CA
Expires: 2035-02-09 21:40:36 +0000
SHA256 Fingerprint:
B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C
68 C5 BE 91 B5 A1 10 01 F0 24
But other .pkg files which are signed by a "Developer Installer" cert work well:
Package "ProdWrapped_qualys.pkg":
Status: signed by a certificate that has since expired
Certificate Chain:
1. 3rd Party Mac Developer Installer: XXXX(XXXXXXXX)
SHA256 Fingerprint:
6E D8 DC A5 2E C3 3C DE 72 FA 10 AA DE 82 F3 59 3A 5E 46 1E 41 8E
AF FC 89 B8 6C 82 57 6F 9C C4
------------------------------------------------------------------------
2. Apple Worldwide Developer Relations Certification Authority
SHA256 Fingerprint:
CE 05 76 91 D7 30 F8 9C A2 5E 91 6F 73 35 F4 C8 A1 57 13 DC D2 73
A6 58 C0 24 02 3F 8E B8 09 C2
------------------------------------------------------------------------
3. Apple Root CA
SHA256 Fingerprint:
B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C
68 C5 BE 91 B5 A1 10 01 F0 24
I would appreciate it if anyone has any insight on this. Could it be because of a codesign issue? Or do we need to switch to another unarchiver jar? If yes, any suggestion for unarchiving a .pkg?
Thanks, Wei
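A .pkg is a xar archive: a 28-byte big-endian header, a zlib-compressed XML table of contents, and a heap of file data whose per-entry `<encoding style="...">` tells the reader whether the heap bytes are stored raw or as a zlib stream. One check worth doing before switching libraries is to parse the archive yourself and compare what the TOC says about the "Distribution" entry (encoding, length, size, extracted checksum) with the bytes the Java library hands back; a reader that copies the heap slice without honouring the encoding returns a zlib stream, which looks exactly like "binary data". The example below is added here and is not the poster's code nor part of the sprylab library. It builds a small constructed xar fixture in memory (no TOC checksum, no signature element, so it is not an Apple-signed package) and reads it back both ways; the assumption that Distribution is stored with `application/x-gzip` encoding in the fixture is mine.

```python
import hashlib
import struct
import xml.etree.ElementTree as ET
import zlib

# xar v1 header: magic "xar!", header size, version, compressed TOC length,
# uncompressed TOC length, TOC checksum algorithm (0 = none). Big-endian.
XAR_HEADER = struct.Struct(">4sHHQQI")
XAR_MAGIC = b"xar!"
ENC_GZIP = "application/x-gzip"        # heap slice is a zlib stream
ENC_NONE = "application/octet-stream"  # heap slice is stored as-is


def build_xar(files):
    """Build a minimal xar archive in memory. Constructed test fixture only:
    no TOC checksum and no <signature> element, unlike a real signed .pkg.
    files: iterable of (name, content_bytes, encoding_style)."""
    heap = bytearray()
    entries = []
    for idx, (name, content, enc) in enumerate(files, start=1):
        stored = zlib.compress(content) if enc == ENC_GZIP else bytes(content)
        entries.append(
            '<file id="%d"><name>%s</name><type>file</type><data>'
            "<offset>%d</offset><length>%d</length><size>%d</size>"
            '<encoding style="%s"/>'
            '<extracted-checksum style="sha1">%s</extracted-checksum>'
            "</data></file>"
            % (idx, name, len(heap), len(stored), len(content), enc,
               hashlib.sha1(content).hexdigest())
        )
        heap += stored
    toc = ('<?xml version="1.0"?><xar><toc>' + "".join(entries)
           + "</toc></xar>").encode()
    toc_z = zlib.compress(toc)
    header = XAR_HEADER.pack(XAR_MAGIC, XAR_HEADER.size, 1,
                             len(toc_z), len(toc), 0)
    return header + toc_z + bytes(heap)


def read_xar(blob, honour_encoding=True):
    """Parse a xar archive and return {name: content bytes}.
    With honour_encoding=True each entry is decoded per its TOC encoding and
    checked against <size> and <extracted-checksum>. With False the raw heap
    slice is returned unchecked, which is the failure mode to look for."""
    magic, hsize, version, toc_clen, toc_ulen, _alg = XAR_HEADER.unpack_from(blob, 0)
    if magic != XAR_MAGIC or version != 1:
        raise ValueError("not a xar v1 archive")
    toc = zlib.decompress(blob[hsize:hsize + toc_clen])
    if len(toc) != toc_ulen:
        raise ValueError("TOC length mismatch")
    heap_start = hsize + toc_clen          # heap offsets are relative to here
    out = {}
    for entry in ET.fromstring(toc).iter("file"):
        name = entry.findtext("name")
        data = entry.find("data")
        if data is None:                   # directories carry no <data>
            continue
        off = int(data.findtext("offset"))
        length = int(data.findtext("length"))
        size = int(data.findtext("size"))
        enc = data.find("encoding").get("style")
        raw = blob[heap_start + off:heap_start + off + length]
        if not honour_encoding:
            out[name] = raw
            continue
        if enc == ENC_GZIP:
            content = zlib.decompress(raw)
        elif enc == ENC_NONE:
            content = raw
        else:
            raise ValueError("unsupported encoding %s for %s" % (enc, name))
        if len(content) != size:
            raise ValueError("size mismatch for %s" % name)
        ck = data.find("extracted-checksum")
        if ck is not None and ck.get("style") == "sha1" \
                and hashlib.sha1(content).hexdigest() != ck.text:
            raise ValueError("checksum mismatch for %s" % name)
        out[name] = content
    return out


def looks_like_xml(content):
    """True if the bytes parse as XML; an undecoded zlib slice never does."""
    try:
        ET.fromstring(content)
        return True
    except ET.ParseError:
        return False


# Constructed sample: a Distribution script stored zlib-encoded and a
# PackageInfo stored raw, mirroring the two encodings a .pkg can use.
DISTRIBUTION = (b'<?xml version="1.0" encoding="utf-8"?>'
                b'<installer-gui-script minSpecVersion="1">'
                b'<title>Example</title><pkg-ref id="com.example.pkg"/>'
                b'</installer-gui-script>')
SAMPLE_PKG = build_xar([("Distribution", DISTRIBUTION, ENC_GZIP),
                        ("PackageInfo", b"<pkg-info/>", ENC_NONE)])

if __name__ == "__main__":
    good = read_xar(SAMPLE_PKG)["Distribution"]
    naive = read_xar(SAMPLE_PKG, honour_encoding=False)["Distribution"]
    print("decoded per TOC  -> XML:", looks_like_xml(good))
    print("raw heap slice   -> XML:", looks_like_xml(naive), naive[:2].hex())
```

Pointed at a real package, the same reader shows whether the TOC marks Distribution as `application/x-gzip` (or another style such as bzip2 or lzma, which this reader rejects rather than silently returning the compressed bytes), and whether the library's output is byte-identical to the undecoded heap slice. If it is, the library is skipping the encoding step; if the TOC itself fails to parse, the problem is earlier, in the header or TOC handling.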