--- old/test/jdk/tools/jpackage/macosx/base/SigningBase.java	2020-04-03 08:45:20.541660800 -0400
+++ new/test/jdk/tools/jpackage/macosx/base/SigningBase.java	2020-04-03 08:45:18.571963200 -0400
@@ -73,17 +73,26 @@
                 .setExecutable("/usr/sbin/spctl")
                 .addArguments("-vvv", "--assess", "--type", type,
                         target.toString())
-                .executeAndGetOutput();
+                // on Catalina, the exit code can be 3, meaning not notarized
+                .saveOutput()
+                .executeWithoutExitCodeCheck()
+                .getOutput();
 
         return result;
     }
 
     private static void verifySpctlResult(List<String> result, Path target, String type) {
         result.stream().forEachOrdered(TKit::trace);
-        String lookupString = target.toString() + ": accepted";
+        String lookupString;
+/* on Catalina, spctl may return 3 and say:
+ *   target: rejected
+ *   source=Unnotarized DEV_NAME
+ * so we must skip these two checks
+        lookupString = target.toString() + ": accepted";
         checkString(result, lookupString);
         lookupString = "source=" + DEV_NAME;
         checkString(result, lookupString);
+ */
         if (type.equals("install")) {
             lookupString = "origin=" + INSTALLER_CERT;
         } else {