@Test public void test_serialize_and_restore_wrongkey() throws Exception { ClientCredential credential = new ClientCredential("ClientCredential#clientId", "ClientCredential#clientSecret"); ClientCredential wrongCredential = new ClientCredential("ClientCredential#clientId", "ClientCredential#clientSecret#wrong"); GoogleTokenResponse tokenResponse = new GoogleTokenResponse(); tokenResponse.setAccessToken("accessToken"); tokenResponse.setRefreshToken("refreshToken"); tokenResponse.setExpiresInSeconds(3600L); String session = SessionManager.serialize(tokenResponse, credential); GoogleTokenResponse decoded = SessionManager.restore(session, wrongCredential); assertThat(decoded, is(nullValue())); }