/// <summary>Encrypt the token.</summary>
protected void EncryptToken(ReadOnlySpan <byte> payload, EncodingContext context)
{
var output = context.BufferWriter;
EncryptionAlgorithm enc = _enc;
var key = _encryptionKey;
if (key is null)
{
ThrowHelper.ThrowKeyNotFoundException();
return;
}
KeyManagementAlgorithm alg = _alg;
if (key.TryGetKeyWrapper(enc, alg, out var keyWrapper))
{
var header = Header;
byte[]? wrappedKeyToReturnToPool = null;
byte[]? buffer64HeaderToReturnToPool = null;
byte[]? arrayCiphertextToReturnToPool = null;
int keyWrapSize = keyWrapper.GetKeyWrapSize();
Span <byte> wrappedKey = keyWrapSize <= Constants.MaxStackallocBytes ?
stackalloc byte[keyWrapSize] :
new Span <byte>(wrappedKeyToReturnToPool = ArrayPool <byte> .Shared.Rent(keyWrapSize), 0, keyWrapSize);
var cek = keyWrapper.WrapKey(null, header, wrappedKey);
try
{
using var bufferWriter = new PooledByteBufferWriter();
var writer = new Utf8JsonWriter(bufferWriter, JsonSerializationBehavior.NoJsonValidation);
int base64EncodedHeaderLength = 0;
ReadOnlySpan <byte> headerJson = default;
var headerCache = context.HeaderCache;
if (headerCache.TryGetHeader(header, alg, enc, _kid, _typ, _cty, out byte[]? cachedHeader))
