PDF Unknown signing icon

Question

I am signing PDF programmatically. Every new signature is added in an incremental way where I add the signature dictionnary after the %EOF and I update the AcroForm like this (sorry, I'm at work so I can't upload the PDF) :

... // ORIGINAL FILE

trailer
<<
/Size 11
/Root 1 0 R
/Info 10 0 R
>>

startxref
2714
%%EOF
1 0 obj 
<</Type /Catalog /Outlines 2 0 R /Pages 3 0 R /AcroForm <</Fields [11 0 R ] /SigFlags 3 >> /Names 14 0 R >>
endobj

...

11 0 obj 
<</Type /Annot /SubType /Widget /Rect [0 0 0 0 ] /P 4 0 R /F 4 /FT /Sig /T (Signature) /Ff 0 /V <</Type /Sig /Filter /Adobe.PPKLite /SubFilter /adbe.pkcs7.detached /ByteRange [0 3729 15473 422                   ] /Contents <308209...> 
/M (D:20170801165520+02'00') >> >>
endobj

...

trailer
<</Size 15 /Root 1 0 R /Info 10 0 R /Prev 2714 >>
startxref
15609
%%EOF
1 0 obj 
<</Type /Catalog /Outlines 2 0 R /Pages 3 0 R /AcroForm <</Fields [15 0 R ] /SigFlags 3 >> /Names 14 0 R >>
endobj

...

15 0 obj 
<</Type /Annot /SubType /Widget /Rect [0 0 0 0 ] /P 4 0 R /F 4 /FT /Sig /T (Signature) /Ff 0 /V <</Type /Sig /Filter /Adobe.PPKLite /SubFilter /adbe.pkcs7.detached /ByteRange [0 16632 28376 387                  ] /Contents <3082062...> 
/M (D:20170802094848+02'00') >> >>
endobj
16 0 obj 

...

<</Size 18 /Root 1 0 R /Info 10 0 R /Prev 15609 >>
startxref
28476
%%EOF

Maybe the problem is that I have multiple objects having the same ID and that my last AcroForm only refers to the last signature ? I want to be able to sign one file multiple times but I have an issue. The first signing is okay and displays this banner :

And then I try to sign the same file another time with another certificate and this give me this trash can icon next to the signature and says it was removed as you can see here :

I am using Zend_PDF to parse the file and add the signature.

EDIT : Thanks to @mkl the 2 signatures are now recognized by Adobe Reader. My AcroForms now look like this :

2714
%%EOF
1 0 obj 
<</Type /Catalog /Outlines 2 0 R /Pages 3 0 R /AcroForm <</Fields [11 0 R ] /SigFlags 3 >> /Names 14 0 R >>
endobj

... 

15610
%%EOF
1 0 obj 
<</Type /Catalog /Outlines 2 0 R /Pages 3 0 R /AcroForm <</Fields [11 0 R 15 0 R ] /SigFlags 3 >> /Names 14 0 R >>
endobj

...

And I have this surprising errors since I didn't modify anything about the ByteRange and I verified by hand that they are correct. Is is about my new modifications ?

Answer 1

While adding the first signature you set the AcroForm dictionary to

/AcroForm <</Fields [11 0 R ] /SigFlags 3 >> 

For the second one, you set it to

/AcroForm <</Fields [15 0 R ] /SigFlags 3 >>

I.e. you removed 11 0 R from it and added 15 0 R to it. Thus, you indeed deleted the first signature field from the form structure.

You should instead only have added the new signature field:

/AcroForm <</Fields [11 0 R 15 0 R ] /SigFlags 3 >>

Furthermore, both your signature fields have the same name

11 0 obj 
<<
    ...
    /T (Signature) 
    ...
>>
endobj
...
15 0 obj 
<<
    ...
    /T (Signature)
    ...
>>
endobj

Obviously, different form fields must have different names.