
Java X509 certificate parsing and validation

Updated: 2023-11-24 18:37:10


For future reference I'll post the answer to my own question (partly at least)


OCSP and CRL checks are implemented in the standard Java implementation already and there is no need for custom code or other providers (BC, ..). They are disabled by default.


To enable this, you have to at least set two parameters:

(PKIXParameters or PKIXParameterBuilder) params.setRevocationEnabled(true);
Security.setProperty("ocsp.enable", "true");


This will activate OCSP checking when you are trying to validate the certificate path (PKIXCertPathValidatorResult.validate()).


When you want to add the fallback check for CRL if no OCSP is available, add an additional property:

System.setProperty("com.sun.security.enableCRLDP", "true");


A lot of my problems are happening due to the fact that I have to support different certificate formats (PKCS7, PEM). My implementation works fine for PEM, but since PKCS7 does NOT save ordering of the certificates in the chain it is a bit harder (http://bugs.sun.com/view_bug.do?bug_id=6238093)

X509CertSelector targetConstraints = new X509CertSelector();

targetConstraints.setCertificate(certificates.get(0));
// Here's the issue for PKCS7 certificates since they are not ordered,
// but I haven't figured out how I can see what the target certificate
// (lowest level) is in the incoming certificates..

PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, targetConstraints);


Hope these remarks will be useful for other people as well; perhaps someone can shed light on how to find the target certificate in an unordered PKCS7 list?
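As an added example (not the answer author's code), here is the complete flow the answer describes: the leaf certificate is picked out of an unordered PKCS7 bundle by taking the one certificate whose subject never appears as an issuer in the set, and the PKIX builder then runs with OCSP plus CRL distribution point fallback enabled. The class name, file arguments and the single-chain assumption are mine.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.*;
import java.util.*;
import javax.security.auth.x500.X500Principal;

public class PkixRevocationCheck {
    // Pick the end-entity certificate from an unordered set (e.g. a PKCS7 bundle): it is the
    // only one whose subject is not the issuer of another certificate. Assumes a single chain;
    // a self-signed root is excluded because its own subject appears as an issuer.
    static X509Certificate findLeaf(Collection<X509Certificate> certs) {
        Set<X500Principal> issuers = new HashSet<>();
        for (X509Certificate c : certs) issuers.add(c.getIssuerX500Principal());
        for (X509Certificate c : certs) {
            if (!issuers.contains(c.getSubjectX500Principal())) return c;
        }
        throw new IllegalArgumentException("no end-entity certificate in the set");
    }

    // Build and validate the path with revocation checking (OCSP, CRL DP fallback) enabled.
    static PKIXCertPathBuilderResult buildAndValidate(Collection<X509Certificate> certs,
                                                      KeyStore trustStore) throws Exception {
        Security.setProperty("ocsp.enable", "true");                // OCSP checking
        System.setProperty("com.sun.security.enableCRLDP", "true"); // CRL distribution point fallback
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(findLeaf(certs));
        PKIXBuilderParameters params = new PKIXBuilderParameters(trustStore, target);
        params.setRevocationEnabled(true);
        // Intermediates come from the same bundle; the builder chains them by issuer name.
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(certs)));
        // Throws CertPathBuilderException if no valid, unrevoked path to a trust anchor exists.
        return (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX").build(params);
    }

    // Usage: java PkixRevocationCheck <bundle.p7b|bundle.pem> <truststore> <password>
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> certs = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[0])) {   // PKCS7 and PEM bundles both parse here
            for (Certificate c : cf.generateCertificates(in)) certs.add((X509Certificate) c);
        }
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[1])) { ts.load(in, args[2].toCharArray()); }
        PKIXCertPathBuilderResult r = buildAndValidate(certs, ts);
        System.out.println("valid path, anchor: " + r.getTrustAnchor().getTrustedCert().getSubjectX500Principal());
    }
}
```

On Java 8 and later the same revocation settings can be scoped to one builder through PKIXRevocationChecker (obtained from CertPathBuilder.getRevocationChecker() and added with params.addCertPathChecker()), which avoids the process-wide Security and System properties.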