/// <summary>Encrypt the token.</summary> protected void EncryptToken(ReadOnlySpan <byte> payload, EncodingContext context) { var output = context.BufferWriter; EncryptionAlgorithm enc = _enc; var key = _encryptionKey; if (key is null) { ThrowHelper.ThrowKeyNotFoundException(); return; } KeyManagementAlgorithm alg = _alg; if (key.TryGetKeyWrapper(enc, alg, out var keyWrapper)) { var header = Header; byte[]? wrappedKeyToReturnToPool = null; byte[]? buffer64HeaderToReturnToPool = null; byte[]? arrayCiphertextToReturnToPool = null; int keyWrapSize = keyWrapper.GetKeyWrapSize(); Span <byte> wrappedKey = keyWrapSize <= Constants.MaxStackallocBytes ? stackalloc byte[keyWrapSize] : new Span <byte>(wrappedKeyToReturnToPool = ArrayPool <byte> .Shared.Rent(keyWrapSize), 0, keyWrapSize); var cek = keyWrapper.WrapKey(null, header, wrappedKey); try { using var bufferWriter = new PooledByteBufferWriter(); var writer = new Utf8JsonWriter(bufferWriter, JsonSerializationBehavior.NoJsonValidation); int base64EncodedHeaderLength = 0; ReadOnlySpan <byte> headerJson = default; var headerCache = context.HeaderCache; if (headerCache.TryGetHeader(header, alg, enc, _kid, _typ, _cty, out byte[]? cachedHeader))