我正在使用以下代码根据引用here验证X509Certificate。

static void verifyCertTrust(X509Certificate certificate, Set<X509Certificate> additionalCerts) throws CertificateException, NoSuchAlgorithmException, NoSuchProviderException, CertPathValidatorException, InvalidAlgorithmParameterException, CertPathBuilderException{

        Set<X509Certificate> trustedRoots = new HashSet<X509Certificate>();
        Set<X509Certificate> intermediateCerts = new HashSet<X509Certificate>();

        for (X509Certificate cert : additionalCerts) {
            if(isSelfSigned(cert)){
                trustedRoots.add(cert);
            }
            else{
                intermediateCerts.add(cert);
            }
        }

        Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
        for (X509Certificate root : trustedRoots) {
            trustAnchors.add(new TrustAnchor(root, null));
        }

        X509CertSelector selector = new X509CertSelector();
        selector.setCertificate(certificate);


        PKIXParameters parameters = new PKIXBuilderParameters(trustAnchors, selector);
        parameters.setRevocationEnabled(false);
        CertStore intermediateCertStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(intermediateCerts), "BC");
        parameters.addCertStore(intermediateCertStore);

        CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX", "BC");
        cpb.build(parameters);

    }

Exception in thread "main" java.security.cert.CertPathBuilderException: No certificate found matching targetContraints.
    at org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)
    at signer.GetPkcs11Key.verifyCertTrust(GetPkcs11Key.java:105)
    at signer.GetPkcs11Key.main(GetPkcs11Key.java:71)

在您的示例中，要验证的证书必须位于CertStore中，因此请添加以下内容:

 parameters.setRevocationEnabled...;
 //Add the certitificate to the cert store
 intermediateCerts.add(certificate);
 CertStore intermediateCertStore....