Update algorithm of credentials on settings update

src/main/java/io/jenkins/plugins/oidc_provider/IdTokenCredentials.java

@@ -165,20 +165,23 @@ public final String getAudience() {
         this.audience = Util.fixEmpty(audience);
     }
 
-    public void setAlgorithm(SupportedKeyAlgorithm algorithm) {
+    public boolean updateAlgorithm(SupportedKeyAlgorithm algorithm) throws Exception {
         Objects.requireNonNull(algorithm);
 
-        boolean shouldRotate= this.algorithm == algorithm;
+        boolean shouldRotate= this.algorithm != algorithm;
 
         this.algorithm = algorithm;
 
         if(shouldRotate) {
             rotateKeyPair();
         }
+
+        return shouldRotate;
     }
 
-    private void rotateKeyPair() {
+    private void rotateKeyPair() throws Exception {
         this.secretKeyPair = SecretKeyPair.forAlgorithm(algorithm);
+        this.kp = this.secretKeyPair.toKeyPair();
     }
 
     @NonNull public SupportedKeyAlgorithm getAlgorithm() {

src/main/java/io/jenkins/plugins/oidc_provider/IdTokenStringCredentials.java

@@ -40,11 +40,11 @@ public final class IdTokenStringCredentials extends IdTokenCredentials implement
 
     private static final long serialVersionUID = 1;
 
-    @DataBoundConstructor public IdTokenStringCredentials(CredentialsScope scope, String id, String description, SupportedKeyAlgorithm algorithm) {
+    public IdTokenStringCredentials(CredentialsScope scope, String id, String description, SupportedKeyAlgorithm algorithm) {
         super(scope, id, description, algorithm);
     }
 
-    public IdTokenStringCredentials(CredentialsScope scope, String id, String description) {
+    @DataBoundConstructor public IdTokenStringCredentials(CredentialsScope scope, String id, String description) {
         super(scope, id, description);
     }
 

src/main/java/io/jenkins/plugins/oidc_provider/config/IdTokenConfiguration.java

@@ -24,8 +24,11 @@
 
 package io.jenkins.plugins.oidc_provider.config;
 
+import com.cloudbees.plugins.credentials.Credentials;
 import com.cloudbees.plugins.credentials.CredentialsProvider;
+import com.cloudbees.plugins.credentials.CredentialsStore;
 import com.cloudbees.plugins.credentials.SystemCredentialsProvider;
+import com.cloudbees.plugins.credentials.domains.Domain;
 import edu.umd.cs.findbugs.annotations.CheckForNull;
 import edu.umd.cs.findbugs.annotations.NonNull;
 import hudson.Extension;
@@ -36,6 +39,7 @@
 import io.jenkins.plugins.oidc_provider.IdTokenStringCredentials;
 import io.jenkins.plugins.oidc_provider.Keys.SupportedKeyAlgorithm;
 import io.jsonwebtoken.Claims;
+import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
@@ -155,6 +159,25 @@ public ListBoxModel doFillAlgorithmItems() {
         boolean result =  super.configure(req, json);
 
         // TODO update all credentials once the algorithm has changed
+        for (CredentialsStore store : CredentialsProvider.lookupStores(Jenkins.get())) {
+            for (Domain domain : store.getDomains()) {
+                for (Credentials credentials : store.getCredentials(domain)) {
+                    if(!(credentials instanceof IdTokenCredentials)) {
+                       continue;
+                    }
+
+                    try {
+                        boolean updated = ((IdTokenCredentials) credentials).updateAlgorithm(algorithm);
+
+                        if(updated) {
+                            store.updateCredentials(domain, credentials, credentials);
+                        }
+                    } catch (Exception e) {
+                        throw new RuntimeException(e);
+                    }
+                }
+            }
+        }
 
         return result;
     }